[Samba] samba 4.9.5 - joining Samba DC to existing Samba AD failed (ldbsearch has not -U and -V)
Franta Hanzlík
franta at hanzlici.cz
Sat Mar 30 21:55:20 UTC 2019
On Fri, 29 Mar 2019 09:00:08 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Fri, 29 Mar 2019 09:28:37 +0100
> Franta Hanzlík <franta at hanzlici.cz> wrote:
>
> > On Wed, 27 Mar 2019 13:11:08 +0000
> > Rowland Penny via samba <samba at lists.samba.org> wrote:
> >
> > > On Wed, 27 Mar 2019 13:00:42 +0100
> > > Franta Hanzlík <franta at hanzlici.cz> wrote:
> > >
> [...]
> > >
> > > How did you compile Samba ?
> > >
> > > You seem to have lost a lot of the options :-)
> > >
> > > on Debian 4.9.5, you get this:
> > >
> > > ldbsearch --usage
> > > Usage: [-?viraSNPeV] [-?|--help] [--usage] [-H|--url=URL]
> > > [-b|--basedn=DN] [-e|--editor=PROGRAM] [-s|--scope=SCOPE]
> > > [-v|--verbose] [--trace] [-i|--interactive] [-r|--recursive]
> > > [--modules-path=PATH] [--num-searches=INT] [--num-records=INT]
> > > [-a|--all] [--nosync] [-S|--sorted] [-o=OPTION] [--controls=STRING]
> > > [--show-binary] [--paged] [--show-deleted] [--show-recycled]
> > > [--show-deactivated-link] [--reveal] [--relax] [--cross-ncs]
> > > [--extended-dn] [-d|--debuglevel=DEBUGLEVEL]
> > > [--debug-stderr] [-s|--configfile=CONFIGFILE] [--option=name=value]
> > > [-l|--log-basename=LOGFILEBASE] [--leak-report]
> > > [--leak-report-full] [-U|--user=[DOMAIN/]USERNAME[%PASSWORD]]
> > > [-N|--no-pass] [--password=STRING] [-A|--authentication-file=FILE]
> > > [-P|--machine-pass] [--simple-bind-dn=STRING]
> > > [-k|--kerberos=STRING] [--krb5-ccache=STRING] [-S|--sign]
> > > [-e|--encrypt] [-R|--name-resolve=NAME-RESOLVE-ORDER]
> > > [-O|--socket-options=SOCKETOPTIONS]
> > > [-n|--netbiosname=NETBIOSNAME] [-S|--signing=on|off|required]
> > > [-W|--workgroup=WORKGROUP] [--realm=REALM] [-i|--scope=SCOPE]
> > > [-m|--maxprotocol=MAXPROTOCOL] [-V|--version]
> > >
> > > It looks like you have lost these:
> > >
> > > Usage: [-NPeV]
> > > [--reveal] [--relax] [--cross-ncs]
> > > [--extended-dn] [-d|--debuglevel=DEBUGLEVEL]
> > > [--debug-stderr] [-s|--configfile=CONFIGFILE] [--option=name=value]
> > > [-l|--log-basename=LOGFILEBASE] [--leak-report]
> > > [--leak-report-full] [-U|--user=[DOMAIN/]USERNAME[%PASSWORD]]
> > > [-N|--no-pass] [--password=STRING] [-A|--authentication-file=FILE]
> > > [-P|--machine-pass] [--simple-bind-dn=STRING]
> > > [-k|--kerberos=STRING] [--krb5-ccache=STRING] [-S|--sign]
> > > [-e|--encrypt] [-R|--name-resolve=NAME-RESOLVE-ORDER]
> > > [-O|--socket-options=SOCKETOPTIONS]
> > > [-n|--netbiosname=NETBIOSNAME] [-S|--signing=on|off|required]
> > > [-W|--workgroup=WORKGROUP] [--realm=REALM] [-i|--scope=SCOPE]
> > > [-m|--maxprotocol=MAXPROTOCOL] [-V|--version]
> > >
> > > Rowland
> >
> > Hi Rowland,
> > I was looking into Samba-4.9.5 sources (as they are on URL
> > https://download.samba.org/pub/samba/stable/samba-4.9.5.tar.gz
> > ) and (but I'm not programmer) it seems to me, as my ldbsearch (and
> > other ldb-utils) behaves according them. So it may be that version in
> > Debian is somehow modified, extended by remote LDB file access, etc.
>
> This is possible, but it is more likely that they are throttled on
> red-hat distro's because they are not expected to be provisioned as a
> DC.
"they" is who? I build Samba-4.9.5 from official stable release,
downloaded from URL above.
> I did some checking and I have a couple of extra libs linked to
> ldbsearch:
>
> libtdb.so.1 => /lib64/libtdb.so.1 (0x00007f9a7905e000)
> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f9a79022000)
Those two libs I have too. For your ldbsearch program, I would expect
that there would be additional libraries as libldap, libsasl2, libgssapi,
libkrb5 etc. - those, which are needed for network access.
But - are not ldb* tools rather like as tdb tools, i.e. tool for work
with some file types - thus they have not need for network access?
> Can you post the configure options used to compile your Samba packages.
Sorry, I forgot to include them. It is:
./configure
--build=x86_64-redhat-linux-gnu
--host=x86_64-redhat-linux-gnu
--program-prefix=
--disable-dependency-tracking
--prefix=/usr
--exec-prefix=/usr
--bindir=/usr/bin
--sbindir=/usr/sbin
--sysconfdir=/etc
--datadir=/usr/share
--includedir=/usr/include
--libdir=/usr/lib64
--libexecdir=/usr/libexec
--localstatedir=/var
--sharedstatedir=/var/lib
--mandir=/usr/share/man
--infodir=/usr/share/info
--enable-fhs
--with-piddir=/run
--with-sockets-dir=/run/samba
--with-modulesdir=/usr/lib64/samba
--with-pammodulesdir=/usr/lib64/security
--with-lockdir=/var/lib/samba/lock
--with-statedir=/var/lib/samba
--with-cachedir=/var/lib/samba
--disable-rpath-install
--with-shared-modules=idmap_ad,idmap_rid,idmap_ldap,idmap_hash,idmap_tdb2,pdb_tdbsam,pdb_ldap,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4,auth_wbc,auth_unix,auth_server,auth_script,auth_samba4,vfs_dfs_samba4
'--bundled-libraries=!zlib,!popt,!talloc,!pytalloc,!pytalloc-util,!tevent,!pytevent,!tdb,!pytdb,!ldb,!pyldb,!pyldb-util'
--with-pam
--with-pie
--with-relro
--without-fam
--with-cluster-support
--with-profiling-data
--accel-aes=intelaesni
--with-systemd
--systemd-install-services
--with-systemddir=/usr/lib/systemd/system
--systemd-smb-extra=Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba
--systemd-nmb-extra=Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba
--systemd-winbind-extra=Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba
--systemd-samba-extra=Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba
--extra-python=/usr/bin/python3
But now (Errghrreahh), looking at [non]--bundled-libraries, I again look
from where my ldbsearch really is - and in Fedora it is separate package,
ldb-tools-1.4.6 (source https://www.samba.org/ftp/pub/ldb/ldb-1.4.6.tar.gz).
I tried rebuild it, but result was same as from original Fedora package
- I had only subset of your switches. Not sure, if it is right, but as
operations on LDB files seems be OK, I'm perhaps not going to solve it.
> Rowland
>
--
Franta Hanzlík
More information about the samba
mailing list