[Samba] using samba-tool from a domain member other than the DC
Jason Keltz
jas at eecs.yorku.ca
Thu Jul 23 17:42:19 UTC 2020
Hi.

I left off from my original question...

I've joined the domain using "realm join", and am not using winbind.
I'm looking for the minimal configuration I need to have in smb.conf to
be able to run samba-tool from a domain member.

My /etc/krb5.conf contains:

[libdefaults]
default_realm = <my realm>
dns_lookup_realm = false
dns_lookup_kdc = true

My /etc/smb.conf contains minimal:

[global]
workgroup=<my workgroup>
security=ADS
realm=<my realm>

Have I missed providing some detail?

Do I need to be running smbd to be able to use samba-tool from a domain
member?

Is nobody else using samba-tool from outside their DC that might be able
to suggest why this doesn't work?

Thanks,

Jason.

On 7/22/2020 9:20 PM, Jason Keltz via samba wrote:
> Hi.
>
> I have a Samba AD DC setup that is working well. I want to be able to
> use "samba-tool" from another Linux host that is a member of the
> domain (eg. my host). I've looked at page after page online, and
> can't seem to figure out how to make this work.
>
> On the domain member I did:
>
> kinit Administrator
>
> I'm asked for the domain admin password and it's accepted, then I
> thought I could just do:
>
> samba-tool user list -k yes
>
> ... but samba tries to read the users from local TDB files which of
> course don't exist on the host since it's an AD member, and not the DC.
>
> I tried adding: -H ldaps://dc.server.com after copying in the proper
> auto generated keys from the samba DC to the domain member, but that
> didn't work either. Now I have:
>
> Failed to bind - LDAP client internal error: NT_STATUS_UNSUCCESSFUL
> Failed to connect to 'ldaps://dc1.eecs.yorku.ca' with backend 'ldaps':
> LDAP client internal error: NT_STATUS_UNSUCCESSFUL
> ERROR(ldb): uncaught exception - LDAP client internal error:
> NT_STATUS_UNSUCCESSFUL
>
> Any ideas? I must be close.
>
> Jason.
>
>
--
Jason Keltz
Manager of Development
Department of Electrical Engineering & Computer Science
York University, Toronto, Canada
Tel: 416-736-2100 x. 33570
Fax: 416-736-5872