[Samba] Can't join domain (LDAP error)
Rowland penny
rpenny at samba.org
Thu May 6 16:29:53 UTC 2021
On 03/05/2021 02:54, Timur I. Bakeyev via samba wrote:
> Hi from the future!
>
> On Mon, 9 Nov 2020 at 08:13, O'Connor, Daniel via samba <
> samba at lists.samba.org> wrote:
>
>>> On 9 Nov 2020, at 14:51, Andrew Bartlett <abartlet at samba.org> wrote:
>>> On Mon, 2020-11-09 at 14:43 +1030, O'Connor, Daniel wrote:
>>>> Good idea.
>>>> First step is building Samba from source which is not a fun
>>>> experience on FreeBSD :(
>>> We do honestly want to make this easier. Now of course that doesn't
>>> help for a historical bisect, but we are open to and encourage up-
>>> streaming of patches from ports. (We also ask that patches we reject -
>>> this has happened - be removed from the port, but can't force that).
>> I managed to get the build done with the patches from the FreeBSD port
>> (plus a few mods where they did not apply).
>>
>> However the problem is when I go to bisect all those patches need to be
>> manually re-applied (eg stash push/pop) and then hand fixed which is quite
>> tedious..
>>
>> I did a bit more digging and 4.12.7 works, 4.13.0 is broken (and HEAD).
>>
> The (quite rude, TBH)
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252385 suggests that the
> problem, possibly,
> was introduced by this commit of Volker's:
> https://gitlab.com/samba-team/devel/samba/-/commit/011a2a82953fa910e1e7dee9862fbb5deaae8651
> where sscanf() is invoked with the `%m` modifier, which is unsupported by
> FreeBSD. That, obviously, would kill all the URL parsing.
>
I don't know about the code, but don't bother with ldaps for searches;
use Kerberos instead. Believe it or not, it is more secure. Also use the
ldb-tools, it is a lot easier.

As for the 'domain join', I would expect it to fail: you do not use '-k
yes' with -U. I would (after root has run 'kinit Administrator') expect
this to work:

samba-tool domain join smallcatbrain.com DC -k yes --option='dns forwarder=192.168.2.1' --option='idmap_ldb:use rfc2307=yes' --option="vfs objects=zfsacl dfs_samba4 acl_xattr"

Rowland
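
Added example (not part of the original message and not Samba's code): the quoted text says FreeBSD's sscanf() does not support the `%m` modifier, so this sketch splits a URL using bounded scansets into fixed buffers instead and fails closed on malformed or truncated input. The `scheme://host[:port]` shape, the helper name parse_url and the buffer sizes are assumptions made for illustration; IPv6 literals are out of scope.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Samba's code): split "scheme://host[:port]"
 * into fixed buffers, so no %m allocation modifier is needed. */
struct url_parts {
    char scheme[16];
    char host[256];
    int port;                       /* -1 when the URL carries no port */
};

/* Returns 0 on success, -1 on malformed or over-long input. */
int parse_url(const char *url, struct url_parts *out)
{
    int used = 0;

    memset(out, 0, sizeof(*out));
    out->port = -1;

    /* Field widths are one less than the buffer sizes; %n records how far
     * the scan got and is not counted in the return value. */
    if (sscanf(url, "%15[^:/]://%255[^:/]%n", out->scheme, out->host, &used) != 2)
        return -1;

    const char *rest = url + used;
    if (*rest == ':') {
        int n = 0;
        if (!isdigit((unsigned char)rest[1]) ||
            sscanf(rest, ":%5d%n", &out->port, &n) != 1 ||
            out->port < 1 || out->port > 65535)
            return -1;
        rest += n;
    }
    /* Anything left other than a path means the host was truncated or the
     * URL is malformed; fail instead of using a partial result. */
    return (*rest == '\0' || *rest == '/') ? 0 : -1;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "ldap://dc1.example.com",
                              "ldaps://dc1.example.com:636", "dc1.example.com" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct url_parts p;
        int rc = parse_url(samples[i], &p);
        printf("%-30s rc=%d host=%s port=%d\n", samples[i], rc, rc ? "-" : p.host, p.port);
    }
    return 0;
}
```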