[Samba] dsdb_access Access check failed on CN=Configuration
Mike Ray
mray at xes-inc.com
Wed May 22 17:24:41 UTC 2019
Poking around on this further, I believe the LMHOSTS error does not matter.
The smb directive "name resolve order" defaults to "lmhosts wins host bcast" -- so I believe the file no found error is just because it's trying lmhosts first, not finding the file and then moving on.
Eventually it hits "host" resolution and uses /etc/hosts to resolve the name.
Changing the directive so that "host" is first and then re-running the command just removes the lmhosts errors; however the "ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - <dsdb_access: Access check failed ..." is still present.
----- On May 22, 2019, at 11:52 AM, Mike Ray mray at xes-inc.com wrote:
> Setting the log level to 10 shows this blurp in the output of the ldapcmp
> command:
>
> resolve_lmhosts: Attempting lmhosts lookup for name
> dc3.otherinternaldomain.local<0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file
> or directory
> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
> <dsdb_access: Access check failed on CN=Configuration,DC=domain,DC=local> <>
>
>
> I can confirm that file does not exist.
>
> It is interesting that it is looking for the 'otherinternaldomain.local' instead
> of just 'domain.local'.
>
> However, removing that entry from /etc/hosts does not change the output of the
> command.
More information about the samba
mailing list