[Samba] using samba-tool from a domain member other than the DC
Jason Keltz
jas at eecs.yorku.ca
Thu Jul 23 01:20:24 UTC 2020
Hi.

I have a Samba AD DC setup that is working well. I want to be able to
use "samba-tool" from another Linux host that is a member of the domain
(e.g. my host). I've looked at page after page online, and can't seem to
figure out how to make this work.

On the domain member I did:

    kinit Administrator

I'm asked for the domain admin password and it's accepted, then I
thought I could just do:

    samba-tool user list -k yes

... but samba tries to read the users from local TDB files which of
course don't exist on the host since it's an AD member, and not the DC.
I tried adding: -H ldaps://dc.server.com after copying in the proper
auto generated keys from the samba DC to the domain member, but that
didn't work either. Now I have:

    Failed to bind - LDAP client internal error: NT_STATUS_UNSUCCESSFUL
    Failed to connect to 'ldaps://dc1.eecs.yorku.ca' with backend 'ldaps':
    LDAP client internal error: NT_STATUS_UNSUCCESSFUL
    ERROR(ldb): uncaught exception - LDAP client internal error:
    NT_STATUS_UNSUCCESSFUL

Any ideas? I must be close.

Jason.