[Samba] using samba-tool from a domain member other than the DC

Jason Keltz jas at eecs.yorku.ca
Thu Jul 23 01:20:24 UTC 2020


I have a Samba AD DC setup that is working well.  I want to be able to 
use "samba-tool" from another Linux host that is a member of the domain 
(eg. my host).  I've looked at page after page online, and can't seem to 
figure out how to make this work.

On the domain member I did:

kinit Administrator

I'm asked for the domain admin password and it's accepted, then I 
thought I could just do:

samba-tool user list -k yes

... but samba tries to read the users from local TDB files which of 
course don't exist on the host since it's an AD member, and not the DC.

I tried adding: -H ldaps://dc.server.com after copying in the proper 
auto generated keys from the samba DC to the domain member, but that 
didn't work either.  Now I have:

Failed to bind - LDAP client internal error: NT_STATUS_UNSUCCESSFUL
Failed to connect to 'ldaps://dc1.eecs.yorku.ca' with backend 'ldaps': 
LDAP client internal error: NT_STATUS_UNSUCCESSFUL
ERROR(ldb): uncaught exception - LDAP client internal error: 

Any ideas?  I must be close.


More information about the samba mailing list