Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] ldbsearch/kerberos issue
84 views
Skip to first unread message
Steve Thompson
Jul 13, 2012, 11:40:01 AM7/13/12
to
Samba 4.0.0beta3, CentOS 6.2
I can successfully perform an ldbsearch on the Samba ldb by specifying the
-U parameter:
# ldbsearch -H ldap://<hostname> -U <username>
and while I can kinit successfully, I cannot use the resulting ticket to
connect:
# ldbsearch -H ldap://<hostname> --kerberos=yes --krb5-ccache=/tmp/krb5cc_0
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://<name>' with backend 'ldap': (null)
Failed to connect to ldap://<name> - (null)
Would appreciate a clue.
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I can successfully perform an ldbsearch on the Samba ldb by specifying the
-U parameter:
# ldbsearch -H ldap://<hostname> -U <username>
and while I can kinit successfully, I cannot use the resulting ticket to
connect:
# ldbsearch -H ldap://<hostname> --kerberos=yes --krb5-ccache=/tmp/krb5cc_0
Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://<name>' with backend 'ldap': (null)
Failed to connect to ldap://<name> - (null)
Would appreciate a clue.
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
steve
Jul 13, 2012, 11:50:02 AM7/13/12
to
On 13/07/12 17:35, Steve Thompson wrote:
> Samba 4.0.0beta3, CentOS 6.2
>
> I can successfully perform an ldbsearch on the Samba ldb by specifying
> the -U parameter:
>
> # ldbsearch -H ldap://<hostname> -U <username>
>
> and while I can kinit successfully, I cannot use the resulting ticket to
> connect:
>
> # ldbsearch -H ldap://<hostname> --kerberos=yes
> --krb5-ccache=/tmp/krb5cc_0
> Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
> Failed to connect to 'ldap://<name>' with backend 'ldap': (null)
> Failed to connect to ldap://<name> - (null)
>
> Would appreciate a clue.
>
> Steve
>
Hi Steve
> Samba 4.0.0beta3, CentOS 6.2
>
> I can successfully perform an ldbsearch on the Samba ldb by specifying
> the -U parameter:
>
> # ldbsearch -H ldap://<hostname> -U <username>
>
> and while I can kinit successfully, I cannot use the resulting ticket to
> connect:
>
> # ldbsearch -H ldap://<hostname> --kerberos=yes
> --krb5-ccache=/tmp/krb5cc_0
> Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
> Failed to connect to 'ldap://<name>' with backend 'ldap': (null)
> Failed to connect to ldap://<name> - (null)
>
> Would appreciate a clue.
>
> Steve
>
/tmp/krb5cc_0 is root's cache. Are you issuing the command as root?
Cheers,
Steve Thompson
Jul 13, 2012, 12:00:02 PM7/13/12
to
On Fri, 13 Jul 2012, steve wrote:
> /tmp/krb5cc_0 is root's cache. Are you issuing the command as root?
Yes, for the purposes of this particular test. However, the result is the
> /tmp/krb5cc_0 is root's cache. Are you issuing the command as root?
same if I run as any other user, using the appropriate ticket cache.
0 new messages