[Samba] 4.9.12 operation unavailable without authentication

Rowland penny rpenny at samba.org
Tue Sep 3 18:21:54 UTC 2019 

On 03/09/2019 18:50, Mike Ray via samba wrote:
> I have Samba in production (4.9.6-12 on Ubuntu 18.04) which is working well.
>
> However, we are several releases behind so I am gearing up to upgrade to the latest 4.9 release.
>
> As part of the preparations (and for other reasons), I spun up an upgraded DC cluster in our development environment (4.9.12-15 on Ubuntu 18.04).
>
> The initial setup seemed to work and now I have two DCs that appear to be replicating.
>
> As part of our setup, we have a health check script that runs daily, which runs a variety of commands to verify everything is OK.
>
> On the production cluster, this works without issue.
>
> However, on the development cluster, "samba-tool ldapcmp" returns:
>
> ERROR(ldb): uncaught exception - LDAP error 1 LDAP_OPERATIONS_ERROR -  <00002020: Operation unavailable without authentication> <>
>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 178, in _run
>      return self.run(*args, **kwargs)
>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 972, in run
>      outf=self.outf, errf=self.errf)
>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 79, in __init__
>      self.domain_netbios = self.find_netbios()
>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 115, in find_netbios
>      scope=SCOPE_SUBTREE, attrs=["nETBIOSName"])
>
> I did not get any hits in the changelog when I did brief searching for that error.
>
> Does anyone know what has changed in regards to this tool? What do I need to add for appropriate authentication (I tried using the --username/password and --username2/password2 flags but got the same error)?
>
>
> Mike Ray
>
I do hope that 'cluster' == 'domain' ;-)

I have always used authentication, so I am unsure when it became 
obligatory (if it wasn't from the start).

The way to use it is:

samba-tool ldapcmp ldap://dc1 ldap://dc2 -U Administrator 
--password=<PASSWORD>

Or as root:

kinit Administrator

samba-tool ldapcmp ldap://dc1 ldap://dc2 -k

Rowland

More information about the samba mailing list