[Samba] Different LDAP query in different DC...

[Marco Gaiarin]

Mandi! Rowland Penny via samba
  In chel di` si favelave...

> If an ldap lookup works on every DC, except for one and the data is
> definitely there on the one DC it doesn't work on, then it must be
> something on that DC. is there a firewall or apparmor/selinux in the
> way ?

No. Anyway, note that query return correctly 'result: 0 Success',
simply return no data.
Another query to the same DC return data. eg:

 root at vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember | grep ^rfc822MailMember
 Enter LDAP Password: 
 root at vdmpp1:~# 
 root at vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(uid=gaio)" uid | grep ^uid
 Enter LDAP Password: 
 uid: gaio

Seems really to me an ACL trouble, note also:

 root at vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D CN=gaio,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember | grep ^rfc822MailMember
 Enter LDAP Password: 
 rfc822MailMember: gaio
 rfc822MailMember: marco.gaiarin

But how can i check ACLs data on different DCs?


> Compare the non-working computer with a working one, is there something
> different/missing or something set up differently.

I've checked 'samba-tool testparm', /etc/krb5.conf, /etc/hosts,
/etc/resolv.conf: all are the same (names and ips docet).

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)