[Samba] Mail samba
Rowland penny
rpenny at samba.org
Sat Oct 10 14:08:49 UTC 2020
On 10/10/2020 14:40, Philip Offermans wrote:
>
>>>
>>>
>>>
>>> (The ip6 addresses are from docker)
>> 'docker' ???
> https://www.docker.com would recommend to check it out some time
No, I should have expanded on that, what I meant was, is one or other of
the DC or Unix domain member running in a docker container ?
>
>
>> On 10 Oct 2020, at 14:25, Rowland penny via samba
>> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>>
>> Strange, I run: ldapsearch -h dc4.samdom.example.com
>> <http://dc4.samdom.example.com/> -U 'rowland' -W -b
>> 'cn=users,dc=samdom,dc=example,dc=com'
>>
>> At the top of the successful result is this:
>>
>> Enter LDAP Password:
>> SASL/GSS-SPNEGO authentication started
>> SASL username: rowland at SAMDOM.EXAMPLE.COM
>> <mailto:rowland at SAMDOM.EXAMPLE.COM>
>> SASL SSF: 56
>> SASL data security layer installed.
>> # extended LDIF
>>
> What is strange is that I get this
> root at dna:/home/philip# ldapsearch -h gaia.rompen.lokaal -U 'philip' -W
> -b 'cn=users,dc=rompen,dc=lokaal'
> Enter LDAP Password:
> SASL/NTLM authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> additional info: 8009030C: LdapErr: DSID-0C0904DC, comment:
> AcceptSecurityContext error, data 52e, v1db1
>
> I don’t fully understand. But what do you have to fill in by ldap
> password? The user password or is this an global password? What does
> sass/N
>
I don't understand it either, you seem to be running the same as I am,
but you are using NTLM in the search (SASL/NTLM authentication started)
and I am using kerberos:
SASL/GSS-SPNEGO authentication started
SASL username: rowland at SAMDOM.EXAMPLE.COM
I am using Devuan 3 (Debian 10 minus systemd) on the DC and Unix domain
member and it works.
However, I have just discovered it doesn't work from Unix domain member
running on Raspbian:
pi at raspberrypi:~ $ ldapsearch -h dc4.samdom.example.com -U 'rowland' -W
-b 'cn=Users,dc=samdom,dc=example,dc=com'
Enter LDAP Password:
SASL/GSS-SPNEGO authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: An
unsupported mechanism was requested (unknown mech-code 0 for mech unknown)
Same command against the same DC and it doesn't work :-\
It is still trying to use Kerberos though.
I will get back to you when I find out why it isn't working.
Rowland
More information about the samba
mailing list