[Samba] Different LDAP query in different DC...

Marco Gaiarin gaio at sv.lnf.it
Thu Nov 29 10:51:17 UTC 2018 

Mandi! Rowland Penny via samba
  In chel di` si favelave...

> Whilst there are attributes that do not get replicated between DC's,
> the majority are, so each DC should allow the same access.
> Do you have access to the DC ?
> Can you run the search locally ?

Sure! As just stated, local access (via ldbsearch against the local
SAM) works as expected:

 root at vdcpp1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "DC=ad,DC=fvg,DC=lnf,DC=it" "(cn=prova123)"
 # record 1
 dn: CN=prova123,CN=Aliases,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it
 objectClass: top
 objectClass: nisMailAlias
 cn: prova123
 instanceType: 4
 whenCreated: 20171218110150.0Z
 uSNCreated: 7923
 name: prova123
 objectGUID: 82012731-c88e-49dd-a802-714877fb1ca3
 objectCategory: CN=inetLocalMailRecipient,CN=Schema,CN=Configuration,DC=ad,DC=
  fvg,DC=lnf,DC=it
 whenChanged: 20181126155319.0Z
 uSNChanged: 1662169
 rfc822MailMember: gaio
 rfc822MailMember: marco.gaiarin
 distinguishedName: CN=prova123,CN=Aliases,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it
 
 # Referral
 ref: ldap://ad.fvg.lnf.it/CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
 
 # Referral
 ref: ldap://ad.fvg.lnf.it/DC=DomainDnsZones,DC=ad,DC=fvg,DC=lnf,DC=it
 
 # Referral
 ref: ldap://ad.fvg.lnf.it/DC=ForestDnsZones,DC=ad,DC=fvg,DC=lnf,DC=it
 
 # returned 4 records
 # 1 entries
 # 3 referrals


> If it works locally, then something is getting in the way.
> If it doesn't work locally, then there is something wrong with AD on
> that computer.

Arnaud, in private email, suggest to check the sddl of that specific
object.

But how can i check that?

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list