[Samba] Configuring Linux openldap ldapsearch client-side tool to authenticate against a Samba AD server
John R. Graham
john_r_graham at mindspring.com
Tue Apr 25 19:22:41 UTC 2023

Is there a guide somewhere that explains the process of getting openldap
(the ldapsearch tool for starters) to authenticate against a Samba AD
server? On my Linux client, I can run

ldapsearch -LLL -x -b '' -s base '(objectClass=*)'

and get a detailed response from the server. Somewhat obfuscated, that
response is:

dn:
configurationNamingContext: CN=Configuration,DC=myrealm,DC=example,DC=com
defaultNamingContext: DC=myrealm,DC=example,DC=com
rootDomainNamingContext: DC=myrealm,DC=example,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=myrealm,DC=example,DC=org
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=myrealm,DC=example,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
supportedCapabilities: 1.2.840.113556.1.4.1670
supportedCapabilities: 1.2.840.113556.1.4.1791
supportedCapabilities: 1.2.840.113556.1.4.1935
supportedCapabilities: 1.2.840.113556.1.4.2080
supportedLDAPVersion: 2
supportedLDAPVersion: 3
vendorName: Samba Team (https://www.samba.org)
isSynchronized: TRUE
dsServiceName: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=myrealm,DC=example,DC=com
serverName: CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=myrealm,DC=example,DC=com
dnsHostName: dc1.myrealm.example.com
ldapServiceName: myrealm.example.com:dc1$@MYREALM.EXAMPLE.COM
currentTime: 20230425172943.0Z
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 1.2.840.113556.1.4.528
supportedControl: 1.2.840.113556.1.4.841
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 2.16.840.1.113730.3.4.9
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.1504
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.805
supportedControl: 1.2.840.113556.1.4.1338
supportedControl: 1.2.840.113556.1.4.529
supportedControl: 1.2.840.113556.1.4.417
supportedControl: 1.2.840.113556.1.4.2064
supportedControl: 1.2.840.113556.1.4.1339
supportedControl: 1.2.840.113556.1.4.1340
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 1.2.840.113556.1.4.1341
namingContexts: DC=myrealm,DC=example,DC=com
namingContexts: CN=Configuration,DC=myrealm,DC=example,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=myrealm,DC=example,DC=com
namingContexts: DC=DomainDnsZones,DC=myrealm,DC=example,DC=com
namingContexts: DC=ForestDnsZones,DC=myrealm,DC=example,DC=com
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: NTLM
highestCommittedUSN: 6034
domainFunctionality: 4
forestFunctionality: 4
domainControllerFunctionality: 4
isGlobalCatalogReady: TRUE

But almost any other query results in

Operations error (1)
Additional information: 00002020: Operation unavailable without authentication

Surely I'm missing a pre-existing guide somewhere.

- John