[Samba] Can't join domain (LDAP error)

[Rowland penny]

On 08/11/2020 11:52, O'Connor, Daniel wrote:
>
>> On 8 Nov 2020, at 20:24, Rowland penny via samba <samba at lists.samba.org> wrote:
>>> ldbsearch does not work either:
>>> root at samba-addc:/ # samba-ldbsearch -H ldap://gateway2.beger.com.au -U beger/darius '(objectclass=person)'
>>> Failed to connect to ldap URL 'ldap://gateway2.beger.com.au' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
>>> Failed to connect to 'ldap://gateway2.beger.com.au' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER
>> I always shudder when I read Freebsd, jails and AD in the same sentence, it never seems to work 😭
> It would be nice if it did though :)
>
>> You do have what appears to be a mistake in your ldbsearch command, you have 'beger/darius', it should be 'BEGER\\darius', note the forward slash replaced by two backslashes, one to escape the other.
> I tried that but no difference.
>
>> On Linux, provided you have (at least) this in /etc/krb5.conf:
>>
>> [libdefaults]
>>      default_realm = BEGER.COM.AU
>>
>> and dns is set up correctly, then it should work.
> I have that in my krb5.conf, DNS does work as far as I can see (and kinit, klist etc work)
>
>> I know little about Freebsd jails, but if I understand them correctly, they are very similar to using a chroot on Linux and I wouldn't want to try and run a second DC in a chroot.
> Jails are pretty similar to chroot but more secure - like Linux containers.
>
Have you tried setting this up in a VM instead of a jail, if this works, 
it points to something to do with the jail, if it doesn't, then it 
points to a possible problem with Samba on Freebsd, or Samba itself. The 
latter isn't really likely, everything works on LInux, though this isn't 
much comfort to you.

Rowland