[Samba] samba 4.9.5 - joining Samba DC to existing Samba AD failed (ldbsearch has not -U and -V)

Rowland Penny rpenny at samba.org
Fri Mar 29 09:00:08 UTC 2019 

On Fri, 29 Mar 2019 09:28:37 +0100
Franta Hanzlík <franta at hanzlici.cz> wrote:

> On Wed, 27 Mar 2019 13:11:08 +0000
> Rowland Penny via samba <samba at lists.samba.org> wrote:
> 
> > On Wed, 27 Mar 2019 13:00:42 +0100
> > Franta Hanzlík <franta at hanzlici.cz> wrote:
> >   
> > > Yes, is no difference between '-UAdministrator' and '-U
> > > Administrator'. But it seems, as ldbsearch in 4.9.5 is different
> > > than 4.9.4-. (I was furious with that, because I found lot
> > > articles on net, where -U _username_ was stated.
> > > 
> > > My ldbsearch is from pure Samba-4.9.5, self compiled on Fedora 29
> > > x86_64. And now I see it even has not '-V' switch:
> > > 
> > > [root at dc1 bind-dns]# ldbsearch --usage
> > > Usage: [-?viraS] [-?|--help] [--usage] [-H|--url=URL]
> > > [-b|--basedn=DN] [-e|--editor=PROGRAM] [-s|--scope=SCOPE]
> > > [-v|--verbose] [--trace] [-i|--interactive] [-r|--recursive]
> > > [--modules-path=PATH] [--num-searches=INT] [--num-records=INT]
> > > [-a|--all] [--nosync] [-S|--sorted] [-o=OPTION]
> > > [--controls=STRING] [--show-binary] [--paged] [--show-deleted]
> > > [--show-recycled] [--show-deactivated-link] [--reveal] [--relax]
> > > [--cross-ncs] [--extended-dn] [root at dc1 bind-dns]# ldbsearch -V
> > > Invalid option -V: unknown option Usage: ldbsearch <options>
> > > <expression> <attrs...> Usage: [OPTION...] -H,
> > > --url=URL                   database URL -b,
> > > --basedn=DN                 base DN -e, --editor=PROGRAM external
> > > editor -s, --scope=SCOPE               search scope -v,
> > > --verbose                   increase verbosity
> > > --trace                     enable tracing -i,
> > > --interactive               input from stdin -r,
> > > --recursive                 recursive delete
> > > --modules-path=PATH         modules path --num-searches=INT
> > > number of test searches --num-records=INT           number of
> > > test records -a, --all (|(objectClass=*)(distinguishedName=*))
> > > --nosync non-synchronous transactions -S,
> > > --sorted                    sort attributes
> > > -o=OPTION                       ldb_connect option
> > > --controls=STRING           controls --show-binary
> > > display binary LDIF --paged                     use a paged search
> > >       --show-deleted              show deleted objects
> > >       --show-recycled             show recycled objects
> > >       --show-deactivated-link     show deactivated links
> > >       --reveal                    reveal ldb internals
> > >       --relax                     pass relax control
> > >       --cross-ncs                 search across NC boundaries
> > >       --extended-dn               show extended DNs
> > > 
> > > Help options:
> > >   -?, --help                      Show this help message
> > >       --usage                     Display brief usage message    
> > 
> > How did you compile Samba ?
> > 
> > You seem to have lost a lot of the options :-)
> > 
> > on Debian 4.9.5, you get this:
> > 
> > ldbsearch --usage
> > Usage: [-?viraSNPeV] [-?|--help] [--usage] [-H|--url=URL]
> > [-b|--basedn=DN] [-e|--editor=PROGRAM] [-s|--scope=SCOPE]
> > [-v|--verbose] [--trace] [-i|--interactive] [-r|--recursive]
> > [--modules-path=PATH] [--num-searches=INT] [--num-records=INT]
> > [-a|--all] [--nosync] [-S|--sorted] [-o=OPTION] [--controls=STRING]
> > [--show-binary] [--paged] [--show-deleted] [--show-recycled]
> >         [--show-deactivated-link] [--reveal] [--relax] [--cross-ncs]
> >         [--extended-dn] [-d|--debuglevel=DEBUGLEVEL]
> > [--debug-stderr] [-s|--configfile=CONFIGFILE] [--option=name=value]
> >         [-l|--log-basename=LOGFILEBASE] [--leak-report]
> > [--leak-report-full] [-U|--user=[DOMAIN/]USERNAME[%PASSWORD]]
> > [-N|--no-pass] [--password=STRING] [-A|--authentication-file=FILE]
> >         [-P|--machine-pass] [--simple-bind-dn=STRING]
> > [-k|--kerberos=STRING] [--krb5-ccache=STRING] [-S|--sign]
> > [-e|--encrypt] [-R|--name-resolve=NAME-RESOLVE-ORDER]
> >         [-O|--socket-options=SOCKETOPTIONS]
> > [-n|--netbiosname=NETBIOSNAME] [-S|--signing=on|off|required]
> > [-W|--workgroup=WORKGROUP] [--realm=REALM] [-i|--scope=SCOPE]
> > [-m|--maxprotocol=MAXPROTOCOL] [-V|--version]
> > 
> > It looks like you have lost these:
> > 
> > Usage: [-NPeV]         
> >         [--reveal] [--relax] [--cross-ncs]
> >         [--extended-dn] [-d|--debuglevel=DEBUGLEVEL]
> > [--debug-stderr] [-s|--configfile=CONFIGFILE] [--option=name=value]
> >         [-l|--log-basename=LOGFILEBASE] [--leak-report]
> > [--leak-report-full] [-U|--user=[DOMAIN/]USERNAME[%PASSWORD]]
> > [-N|--no-pass] [--password=STRING] [-A|--authentication-file=FILE]
> >         [-P|--machine-pass] [--simple-bind-dn=STRING]
> > [-k|--kerberos=STRING] [--krb5-ccache=STRING] [-S|--sign]
> > [-e|--encrypt] [-R|--name-resolve=NAME-RESOLVE-ORDER]
> >         [-O|--socket-options=SOCKETOPTIONS]
> > [-n|--netbiosname=NETBIOSNAME] [-S|--signing=on|off|required]
> > [-W|--workgroup=WORKGROUP] [--realm=REALM] [-i|--scope=SCOPE]
> > [-m|--maxprotocol=MAXPROTOCOL] [-V|--version]
> > 
> > Rowland  
> 
> Hi Rowland,
> I was looking into Samba-4.9.5 sources (as they are on URL
> https://download.samba.org/pub/samba/stable/samba-4.9.5.tar.gz
> ) and (but I'm not programmer) it seems to me, as my ldbsearch (and
> other ldb-utils) behaves according them. So it may be that version in
> Debian is somehow modified, extended by remote LDB file access, etc.

This is possible, but it is more likely that they are throttled on
red-hat distro's because they are not expected to be provisioned as a
DC.

I did some checking and I have a couple of extra libs linked to
ldbsearch:

libtdb.so.1 => /lib64/libtdb.so.1 (0x00007f9a7905e000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f9a79022000)

Can you post the configure options used to compile your Samba packages.

Rowland

More information about the samba mailing list