[Samba] Ldapsearch against Samba AD returns records outside the search base
Christian Naumer
cn at brain-biotech.de
Sun Feb 2 17:05:01 UTC 2020
I will answer the question for our setup. And to be clear we do not have
a problem here. I just had some time to try this out.
Am 02.02.20 um 17:51 schrieb Rowland penny via samba:
> Time for a few questions:
>
> What OS is the user using ?
We are using centos 7
>
> Is the OP using distro packages, packages from somewhere else, or a self
> compiled Samba ?
We are using the Sernet packages.
The setup was a classic upgrade from a NT domain with Samba 4.4 (which
was the newest at the time) and upgraded step by step to 4.11.6.
>
> If self compiled, how was it compiled ?
>
> What is in smb.conf ?
Here is the smb.conf:
[global]
netbios name = DC1
realm = XX.XX.XX
server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
workgroup = XX
logging =syslog
log level = 1 auth_audit:4 dsdb_password_audit:5
dsdb_transaction_audit:5 dsdb_group_audit:5
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
template shell = /bin/bash
template homedir = /home/%U
ntlm auth = mschapv2-and-ntlmv2-only
disable netbios = yes
smb ports = 445
server min protocol = SMB2
client min protocol = SMB2
tls enabled = yes
tls keyfile = tls/server_de.key
tls certfile = tls/server.pem
tls cafile = tls/ca.pem
[netlogon]
path = /var/lib/samba/sysvol/xx.xx.xx/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
>
> Rowland
>
>
>
--
Dr. Christian Naumer
Unit Head Bioprocess Development
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
fon +49-6251-9331-30 / fax +49-6251-9331-11
Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Adriaan Moelker (Vorstandsvorsitzender), Manfred Bender,
Ludger Roedder
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen
More information about the samba
mailing list