[Samba] samba 4.9.5 - joining Samba DC to existing Samba AD failed
Rowland Penny
rpenny at samba.org
Wed Mar 27 09:36:55 UTC 2019
On Wed, 27 Mar 2019 09:01:39 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Wed, 27 Mar 2019 09:45:18 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
> > Hai,
> >
> >
> > I don't think one noticed this..
> >
> > ldbsearch -H ldap://dc4 -UAdministrator
> > ldbsearch -H ldap://dc1 -U Administrator
> >
> > So what's the difference when you see this response of the command:
> > Invalid option -U: unknown ...
> >
> > The " " between -U Admin...
> > Try again without the space or use --user=Administrator
> >
> >
> > Greetz,
> >
> > Louis
>
> The space doesn't make any difference '-U Administrator' or
> '-UAdministrator' both work, as does '-U administrator' or
> '-Uadministrator'
>
> I just wonder where '-U' went ?
>
> Rowland
>
I have been looking at the 'Administrator' object that the OP posted.
The failure in his original post was this:

    ERROR(ldb): uncaught exception - descriptor_modify on
    CN=Administrator,CN=Users,DC=zamecek,DC=home failed: operations error
    at ../source4/dsdb/samdb/ldb_modules/descriptor.c:819

Lines 816 - 820 in descriptor.c are these:

    objectclass = dsdb_get_last_structural_class(schema,
                                                 objectclass_element);
    if (objectclass == NULL) {
        return ldb_operr(ldb);
    }

So, it looks like (to me anyway) that it is looking for the objectclass
for 'nTSecurityDescriptor' and trying to match it to the last
objectclass found in the list:

    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    objectClass: posixAccount

I may be barking up the wrong tree here, but I would remove all the
rfc2307 attributes and objectclass from 'Administrator':

    objectClass: posixAccount
    gidNumber: 1103
    uidNumber: 0
    loginShell: /bin/bash
    unixHomeDirectory: /root

They are definitely not required and could be causing the problem.

Rowland