[Samba] net ads status stripped output
Rowland penny
rpenny at samba.org
Thu Jun 4 09:28:59 UTC 2020
On 04/06/2020 10:00, Markus Lindberg wrote:
>> Ah, I think I understand what you are doing now, but I think you must be
>> running the command as root. If I run the command it just errors out
>> 'ERROR: Unable to open secrets database', but if I run it using sudo, I
>> get a similar output as yours.
>>
>> You are quite correct, '-P' means use the machine account and this is a
>> very unprivileged user.
> That is fair. When I run the `net ads status` command I run it as a
> somewhat 'normal' user. I can always authenticate with an AD account if
> I supply the '-U' flag or if I supply the '-k' flag (if `kinit` has
> been run). I always get the exact same stripped output.
>
> The attribute that I'm looking for is the 'distinguishedName' attribute.
> But it is not displayed when I run `net ads status` and I suspect that
> _something_ has changed that limits this output. So my question is, has
> this been changed? If so I need to find another way to fetch this
> attribute.
>
> --
> Markus
I suppose it must have changed, but you can get it with something like
this:
ldbsearch -H ldap://$(host -t SRV _ldap._tcp.pdc._msdcs.$(hostname -d) |
awk '{print $NF}') -P "(sAMAccountName=$(hostname -s)\$)"
distinguishedName | grep 'distinguishedName' | awk '{print $NF}'
It will involve installing ldb-tools
Rowland
More information about the samba
mailing list