[Samba] Login to LDAP from new version FortiClientEMS
Programnet
tomeks at programnet.eu
Tue Nov 5 13:40:01 UTC 2024
On 2.11.2024 at 11:19, Rowland Penny via samba wrote:
>
> If your TLD is '.local', then I take it you missed that it is reserved
> for Bonjour and Avahi, so if Avahi is running on the DC, you should
> turn it off (and everywhere else in your domain).
I am aware of this. The domain was set up almost 20 years ago, at that
time some guides advised not to do anything on the public domain, and
now it is very difficult to change it.
>
> You also seem to be running Bind9, is this set up correctly?
> Please post the contents of:
> /etc/bind/named.conf
> /etc/bind/named.conf.options
> /etc/bind/named.conf.local
# cat /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
__________________________________
# cat /etc/bind/named.conf.options
acl internals { 127.0.0.0/8; 192.168.0.0/24; 10.0.0.0/8; };
options {
    directory "/var/cache/bind";
    version "Go Away 0.0.7";
    notify no;
    empty-zones-enable no;
    auth-nxdomain yes;
    forwarders { 8.8.8.8; 1.1.1.1; };
    allow-transfer { none; };
    dnssec-validation no;
    listen-on-v6 { none; };      // If you only use IPv4.
    listen-on port 53 { any; };  // listen on these ipnumbers.
    minimal-responses yes;
    // Add any subnets or hosts you want to allow to use this DNS server
    allow-query { any; };
    allow-query-cache { any; };
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
};
__________________________________
# cat /etc/bind/named.conf.local
include "/var/lib/samba/bind-dns/named.conf";
__________________________________
# cat /var/lib/samba/bind-dns/named.conf
database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_18.so";
__________________________________
# cat /etc/bind/named.conf.default-zones
zone "." { type hint; file "/usr/share/dns/root.hints"; };
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" { type master; file "/etc/bind/db.local"; };
zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; };
zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; };
zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };
I don't really understand what the DNS configuration has to do with the
problem: when I log into LDAP using sasl it works, but when I use
ntlmsspNegotiate, LDAP drops the connection and the logs contain the entry:
[2024/11/05 14:19:11.121983, 3]
lib/ldb-samba/ldb_wrap.c:340(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2024/11/05 14:19:11.122344, 3]
lib/ldb-samba/ldb_wrap.c:340(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2024/11/05 14:19:11.123630, 3]
source4/samba/service_stream.c:67(stream_terminate_connection)
stream_terminate_connection: Terminating connection -
'ldapsrv_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_RESET'
[2024/11/05 14:19:11.124440, 3]
source4/samba/service_stream.c:67(stream_terminate_connection)
stream_terminate_connection: Terminating connection - 'LDAP_PROTOCOL_ERROR'
> I don't use forticlient, but it seems there are various ways to connect
> to it, which variant are you using?
ForticlientEMS supports only LDAP or LDAPS.
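Added example, not part of this thread or of Samba: a small Python parser for Samba level-3 log entries in the layout shown above, which counts why ldapsrv terminated client connections. The sample log is constructed from the quoted excerpt; the parser accepts the source location either on the line after the timestamp header (as in the post) or on the same line (as Samba normally writes it).

```python
import re
from collections import Counter

# Constructed sample in the shape of the Samba log excerpt above: a header
# line, a source-location line, then the message (possibly wrapped).
SAMPLE_LOG = """\
[2024/11/05 14:19:11.121983, 3]
lib/ldb-samba/ldb_wrap.c:340(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2024/11/05 14:19:11.123630, 3]
source4/samba/service_stream.c:67(stream_terminate_connection)
stream_terminate_connection: Terminating connection -
'ldapsrv_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_RESET'
[2024/11/05 14:19:11.124440, 3] source4/samba/service_stream.c:67(stream_terminate_connection)
stream_terminate_connection: Terminating connection - 'LDAP_PROTOCOL_ERROR'
"""

HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"^[\w./-]+\.c:\d+\(\w+\)$")
REASON = re.compile(r"Terminating connection - '(.*)'", re.S)

def parse_entries(text):
    """Split a Samba debug log into (timestamp, level, location, message)
    tuples; wrapped message lines are joined back into one string."""
    entries, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"ts": m.group(1), "level": int(m.group(2)),
                   "loc": m.group(3).strip(), "msg": []}
            entries.append(cur)
        elif cur is not None:
            if not cur["loc"] and LOCATION.match(line):
                cur["loc"] = line          # location on its own line
            else:
                cur["msg"].append(line.strip())
    return [(e["ts"], e["level"], e["loc"], " ".join(e["msg"])) for e in entries]

def termination_reasons(text):
    """Count connection terminations by their final status: a CONNECTION_RESET
    means the client closed the socket, LDAP_PROTOCOL_ERROR means the server
    rejected the PDU it received."""
    counts = Counter()
    for _ts, _level, loc, msg in parse_entries(text):
        if "stream_terminate_connection" not in loc:
            continue
        m = REASON.search(msg)
        reason = m.group(1) if m else "unknown"
        counts[reason.rsplit(" - ", 1)[-1]] += 1   # keep the trailing status
    return counts
```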