[Samba] Can't join domain (LDAP error)
rpenny at samba.org
Sun Nov 8 12:19:26 UTC 2020
On 08/11/2020 11:52, O'Connor, Daniel wrote:
>> On 8 Nov 2020, at 20:24, Rowland penny via samba <samba at lists.samba.org> wrote:
>>> ldbsearch does not work either:
>>> root at samba-addc:/ # samba-ldbsearch -H ldap://gateway2.beger.com.au -U beger/darius '(objectclass=person)'
>>> Failed to connect to ldap URL 'ldap://gateway2.beger.com.au' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
>>> Failed to connect to 'ldap://gateway2.beger.com.au' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER
>> I always shudder when I read FreeBSD, jails and AD in the same sentence, it never seems to work 😭
> It would be nice if it did though :)
>> You do have what appears to be a mistake in your ldbsearch command, you have 'beger/darius', it should be 'BEGER\\darius', note the forward slash replaced by two backslashes, one to escape the other.
> I tried that but no difference.
>> On Linux, provided you have (at least) this in /etc/krb5.conf:
>> default_realm = BEGER.COM.AU
>> and dns is set up correctly, then it should work.
> I have that in my krb5.conf, DNS does work as far as I can see (and kinit, klist etc work)
>> I know little about FreeBSD jails, but if I understand them correctly, they are very similar to using a chroot on Linux and I wouldn't want to try and run a second DC in a chroot.
> Jails are pretty similar to chroot but more secure - like Linux containers.
Have you tried setting this up in a VM instead of a jail? If this works,
it points to something to do with the jail; if it doesn't, then it
points to a possible problem with Samba on FreeBSD, or Samba itself. The
latter isn't really likely, everything works on Linux, though this isn't
much comfort to you.