[Samba] RODC and LDAP via Simple Authentication fails
Andrew Bartlett
abartlet at samba.org
Mon Jan 22 20:08:57 UTC 2018
On Mon, 2018-01-22 at 20:56 +0100, Johannes Engel via samba wrote:
> Hi Andrew,
>
> I am deeply impressed by your speed! :D
>
> The RODC is actually Samba 4.7.4, the other DCs are still on 4.6.12.
>
> Any suggestion how I can debug this w/o setting everything on level 10? ;)
Just turn up the logs one level at a time until something comes out.
Upgrading the other DCs to 4.7 (carefully, per my other mail) might
help, as it would then match what our tests do, but I can't think of
how exactly.
In the long run it will ensure that the bad password count and lockout
is correctly handled.
Samba 4.8 will make this a little easier to debug because 'auth' is now
accepted as a debug class in the AD DC, so you can see those logs more
specifically with something like 'log level = 3 auth:5 winbind:5'.
I hope this helps,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list