[Samba] Can't join domain (LDAP error)

O'Connor, Daniel darius at dons.net.au
Sun Nov 8 11:52:33 UTC 2020

> On 8 Nov 2020, at 20:24, Rowland penny via samba <samba at lists.samba.org> wrote:
>> ldbsearch does not work either:
>> root at samba-addc:/ # samba-ldbsearch -H ldap://gateway2.beger.com.au -U beger/darius '(objectclass=person)'
>> Failed to connect to ldap URL 'ldap://gateway2.beger.com.au' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
>> Failed to connect to 'ldap://gateway2.beger.com.au' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER
> I always shudder when I read FreeBSD, jails and AD in the same sentence; it never seems to work 😭

It would be nice if it did though :)

> You do have what appears to be a mistake in your ldbsearch command, you have 'beger/darius', it should be 'BEGER\\darius', note the forward slash replaced by two backslashes, one to escape the other.

I tried that but no difference.

> On Linux, provided you have (at least) this in /etc/krb5.conf:
> [libdefaults]
>     default_realm = BEGER.COM.AU
> and dns is set up correctly, then it should work.

I have that in my krb5.conf, and DNS does work as far as I can see (and kinit, klist etc. work).

> I know little about FreeBSD jails, but if I understand them correctly, they are very similar to using a chroot on Linux and I wouldn't want to try and run a second DC in a chroot.

Jails are pretty similar to chroot but more secure - like Linux containers.

Daniel O'Connor
"The nice thing about standards is that there
are so many of them to choose from."
 -- Andrew Tanenbaum
