[Samba] Can't join domain (LDAP error)

Rowland penny rpenny at samba.org
Sun Nov 8 12:19:26 UTC 2020

On 08/11/2020 11:52, O'Connor, Daniel wrote:
>> On 8 Nov 2020, at 20:24, Rowland penny via samba <samba at lists.samba.org> wrote:
>>> ldbsearch does not work either:
>>> root at samba-addc:/ # samba-ldbsearch -H ldap://gateway2.beger.com.au -U beger/darius '(objectclass=person)'
>>> Failed to connect to ldap URL 'ldap://gateway2.beger.com.au' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
>>> Failed to connect to 'ldap://gateway2.beger.com.au' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER
>> I always shudder when I read Freebsd, jails and AD in the same sentence, it never seems to work 😭
> It would be nice if it did though :)
>> You do have what appears to be a mistake in your ldbsearch command, you have 'beger/darius', it should be 'BEGER\\darius', note the forward slash replaced by two backslashes, one to escape the other.
> I tried that but no difference.
>> On Linux, provided you have (at least) this in /etc/krb5.conf:
>> [libdefaults]
>>      default_realm = BEGER.COM.AU
>> and dns is set up correctly, then it should work.
> I have that in my krb5.conf, DNS does work as far as I can see (and kinit, klist etc work)
>> I know little about Freebsd jails, but if I understand them correctly, they are very similar to using a chroot on Linux and I wouldn't want to try and run a second DC in a chroot.
> Jails are pretty similar to chroot but more secure - like Linux containers.
Have you tried setting this up in a VM instead of a jail, if this works, 
it points to something to do with the jail, if it doesn't, then it 
points to a possible problem with Samba on Freebsd, or Samba itself. The 
latter isn't really likely, everything works on LInux, though this isn't 
much comfort to you.


More information about the samba mailing list