[Samba] Mail samba

Rowland penny rpenny at samba.org
Sat Oct 10 15:00:02 UTC 2020 

On 10/10/2020 15:08, Rowland penny via samba wrote:
> On 10/10/2020 14:40, Philip Offermans wrote:
>>
>>>>
>>>>
>>>>
>>>> (The ip6 addresses are from docker)
>>> 'docker' ???
>> https://www.docker.com would recommend to check it out some time
> No, I should have expanded on that, what I meant was, is one or other 
> of the DC or Unix domain member running in a docker container ?
>>
>>
>>> On 10 Oct 2020, at 14:25, Rowland penny via samba 
>>> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>>>
>>> Strange, I run: ldapsearch -h dc4.samdom.example.com 
>>> <http://dc4.samdom.example.com/> -U 'rowland' -W -b 
>>> 'cn=users,dc=samdom,dc=example,dc=com'
>>>
>>> At the top of the successful result is this:
>>>
>>> Enter LDAP Password:
>>> SASL/GSS-SPNEGO authentication started
>>> SASL username: rowland at SAMDOM.EXAMPLE.COM 
>>> <mailto:rowland at SAMDOM.EXAMPLE.COM>
>>> SASL SSF: 56
>>> SASL data security layer installed.
>>> # extended LDIF
>>>
>> What is strange is that I get this
>> root at dna:/home/philip# ldapsearch -h gaia.rompen.lokaal -U 'philip' 
>> -W -b 'cn=users,dc=rompen,dc=lokaal'
>> Enter LDAP Password:
>> SASL/NTLM authentication started
>> Please enter your password:
>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>> additional info: 8009030C: LdapErr: DSID-0C0904DC, comment: 
>> AcceptSecurityContext error, data 52e, v1db1
>>
>> I don’t fully understand. But what do you have to fill in by ldap 
>> password? The user password or is this an global password? What does 
>> sass/N
>>
> I don't understand it either, you seem to be running the same as I am, 
> but you are using NTLM in the search (SASL/NTLM authentication 
> started) and I am using kerberos:
>
> SASL/GSS-SPNEGO authentication started
> SASL username: rowland at SAMDOM.EXAMPLE.COM
>
> I am using Devuan 3 (Debian 10 minus systemd) on the DC and Unix 
> domain member and it works.
>
> However, I have just discovered it doesn't work from Unix domain 
> member running on Raspbian:
>
> pi at raspberrypi:~ $ ldapsearch -h dc4.samdom.example.com -U 'rowland' 
> -W -b 'cn=Users,dc=samdom,dc=example,dc=com'
> Enter LDAP Password:
> SASL/GSS-SPNEGO authentication started
> ldap_sasl_interactive_bind_s: Local error (-2)
>     additional info: SASL(-1): generic failure: GSSAPI Error:  An 
> unsupported mechanism was requested (unknown mech-code 0 for mech 
> unknown)
>
> Same command against the same DC and it doesn't work :-\
>
> It is still trying to use Kerberos though.
>
> I will get back to you when I find out why it isn't working.
>
> Rowland
>
>
>
OK, found out why it wasn't working on the rpi, I was logged in as 'pi', 
when I logged in as 'rowland', it works, fairly obvious if you stop and 
think about it :-D

Try the search with your username & password, not 'vmail'

Rowland

More information about the samba mailing list