[Samba] Mail samba

Rowland penny rpenny at samba.org
Sat Oct 10 14:08:49 UTC 2020


On 10/10/2020 14:40, Philip Offermans wrote:
>>> (The ip6 addresses are from docker)
>> 'docker' ???
> https://www.docker.com would recommend to check it out some time
No, I should have expanded on that, what I meant was, is one or other of 
the DC or Unix domain member running in a docker container?
>
>
>> On 10 Oct 2020, at 14:25, Rowland penny via samba 
>> <samba at lists.samba.org> wrote:
>>
>> Strange, I run: ldapsearch -h dc4.samdom.example.com -U 'rowland' -W 
>> -b 'cn=users,dc=samdom,dc=example,dc=com'
>>
>> At the top of the successful result is this:
>>
>> Enter LDAP Password:
>> SASL/GSS-SPNEGO authentication started
>> SASL username: rowland at SAMDOM.EXAMPLE.COM
>> SASL SSF: 56
>> SASL data security layer installed.
>> # extended LDIF
>>
> What is strange is that I get this
> root at dna:/home/philip# ldapsearch -h gaia.rompen.lokaal -U 'philip' -W 
> -b 'cn=users,dc=rompen,dc=lokaal'
> Enter LDAP Password:
> SASL/NTLM authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> additional info: 8009030C: LdapErr: DSID-0C0904DC, comment: 
> AcceptSecurityContext error, data 52e, v1db1
>
> I don’t fully understand. But what do you have to fill in by ldap 
> password? The user password or is this a global password? What does 
> sass/N
>
I don't understand it either, you seem to be running the same as I am, 
but you are using NTLM in the search (SASL/NTLM authentication started) 
and I am using kerberos:

SASL/GSS-SPNEGO authentication started
SASL username: rowland at SAMDOM.EXAMPLE.COM

I am using Devuan 3 (Debian 10 minus systemd) on the DC and Unix domain 
member and it works.

However, I have just discovered it doesn't work from a Unix domain member 
running on Raspbian:

pi at raspberrypi:~ $ ldapsearch -h dc4.samdom.example.com -U 'rowland' -W 
-b 'cn=Users,dc=samdom,dc=example,dc=com'
Enter LDAP Password:
SASL/GSS-SPNEGO authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
     additional info: SASL(-1): generic failure: GSSAPI Error:  An 
unsupported mechanism was requested (unknown mech-code 0 for mech unknown)

Same command against the same DC and it doesn't work :-\

It is still trying to use Kerberos though.

I will get back to you when I find out why it isn't working.

Rowland
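
A small parser for the three ldapsearch transcripts in this thread, added here as an example and not part of the original message: it extracts the SASL mechanism that was selected and separates a rejection by the server (positive LDAP result code) from a failure inside the client library (negative libldap code). The name `diagnose` and the sub-code table are this example's own; only sub-code 52e appears in the thread.

```python
import re

# AD puts a Win32 error number (hex) after "data" in an AcceptSecurityContext
# error. Only 52e occurs in this thread; the rest are common neighbours.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "wrong user name or password",
    "532": "password expired",
    "533": "account disabled",
    "775": "account locked out",
}

def diagnose(transcript: str) -> dict:
    """Summarise one ldapsearch SASL bind transcript."""
    text = " ".join(transcript.split())  # undo e-mail line wrapping
    mech = re.search(r"SASL/(\S+) authentication started", text)
    ssf = re.search(r"SASL SSF: (\d+)", text)
    bind = re.search(r"ldap_sasl_interactive_bind_s: (.+?) \((-?\d+)\)", text)
    sub = re.search(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)", text)
    out = {"mechanism": mech.group(1) if mech else None,
           "ssf": int(ssf.group(1)) if ssf else None,
           "error": None, "failed_at": None, "ad_reason": None}
    if bind:
        code = int(bind.group(2))
        out["error"] = (bind.group(1), code)
        # Negative codes are libldap API errors raised on the client;
        # positive codes are LDAP result codes returned by the server.
        out["failed_at"] = "client" if code < 0 else "server"
    if sub:
        out["ad_reason"] = AD_SUBCODES.get(sub.group(1).lower(), "unknown")
    return out

# Transcripts copied from the messages above (quote markers removed).
DEVUAN_OK = """SASL/GSS-SPNEGO authentication started
SASL username: rowland at SAMDOM.EXAMPLE.COM
SASL SSF: 56
SASL data security layer installed."""
PHILIP_NTLM = """SASL/NTLM authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: 8009030C: LdapErr: DSID-0C0904DC, comment:
AcceptSecurityContext error, data 52e, v1db1"""
RASPBIAN = """SASL/GSS-SPNEGO authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error:  An
unsupported mechanism was requested (unknown mech-code 0 for mech unknown)"""

if __name__ == "__main__":
    for name, t in [("Devuan", DEVUAN_OK), ("Philip", PHILIP_NTLM), ("Raspbian", RASPBIAN)]:
        print(name, diagnose(t))
```

Run on the thread's output, the NTLM bind is a server-side rejection of the credentials, while the Raspbian failure happens on the client before the DC gives any verdict.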




