[Samba] Using samba-tool from Domain member




Hi list,

I'm trying to work on a script that should not care what DC is up, as long
as one is. I want to be able to use the samba-tool command in our Samba-AD
domain from a domain member, using Kerberos.

I have the kinit command granting me a ticket. I want to use that ticket to
remotely add users to the domain controller, while I'm on the domain
member's console. For example:

root@xxxxxxxxxxxxxxxxxxxxxx:~# kinit administrator
Password for administrator@xxxxxxxxxxx:
root@xxxxxxxxxxxxxxxxxxxxxx:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@xxxxxxxxxxx

Valid starting     Expires            Service principal
08/01/19 13:03:00  08/01/19 23:03:00  krbtgt/EXAMPLE.COM@xxxxxxxxxxx
        renew until 09/01/19 13:02:59

root@xxxxxxxxxxxxxxxxxxxxxx:~#   samba-tool user list --kerberos=yes
ERROR(ldb): uncaught exception - ldb_search: invalid basedn '(null)'
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/user.py", line 445, in run
    attrs=["samaccountname"])


The commands run fine from the domain controller, but we want to run the
commands from a member server. Is this possible, either using
usernames/passwords or Kerberos? We are on Debian 9.6, running Samba
4.5.12-Debian (Yes, I know it's EOL for Samba, but it's the latest in the
repo).