Web lists-archives.com

Re: [Samba] samba 4.9.5 - joining Samba DC to existing Samba AD failed (ldbsearch has not -U and -V)




On Sat, 30 Mar 2019 22:55:20 +0100
Franta Hanzlík <franta@xxxxxxxxxxx> wrote:

> On Fri, 29 Mar 2019 09:00:08 +0000
> Rowland Penny via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > 
> > This is possible, but it is more likely that they are throttled on
> > red-hat distro's because they are not expected to be provisioned as
> > a DC.  
> 
> "they" is who? I build Samba-4.9.5 from official stable release,
>  downloaded from URL above. 

'they' are the ldb-tools (ldbsearch, ldbmodify etc)

>  
> > I did some checking and I have a couple of extra libs linked to
> > ldbsearch:
> > 
> > libtdb.so.1 => /lib64/libtdb.so.1 (0x00007f9a7905e000)
> > libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f9a79022000)  
> 
> Those two libs I have too. For your ldbsearch program, I would expect
> that there would be additional libraries as libldap, libsasl2,
> libgssapi, libkrb5 etc. - those, which are needed for network access.

You may have them, but are they linked to ldbsearch, they are on Debian

> 
> But - are not ldb* tools rather like as tdb tools, i.e. tool for work
> with some file types - thus they have not need for network access?

The ldb* tools work pretty much like ldap* tools, they work on a DC
directly to sam.ldb or over the wire via ldap://<DC_NAME>

> 
> > Can you post the configure options used to compile your Samba
> > packages.  
> 
> Sorry, I forgot to include them. It is:
> 
> ./configure
>  --build=x86_64-redhat-linux-gnu
>  --host=x86_64-redhat-linux-gnu
>  --program-prefix=
>  --disable-dependency-tracking
>  --prefix=/usr
>  --exec-prefix=/usr
>  --bindir=/usr/bin
>  --sbindir=/usr/sbin
>  --sysconfdir=/etc
>  --datadir=/usr/share
>  --includedir=/usr/include
>  --libdir=/usr/lib64
>  --libexecdir=/usr/libexec
>  --localstatedir=/var
>  --sharedstatedir=/var/lib
>  --mandir=/usr/share/man
>  --infodir=/usr/share/info
>  --enable-fhs
>  --with-piddir=/run
>  --with-sockets-dir=/run/samba
>  --with-modulesdir=/usr/lib64/samba
>  --with-pammodulesdir=/usr/lib64/security
>  --with-lockdir=/var/lib/samba/lock
>  --with-statedir=/var/lib/samba
>  --with-cachedir=/var/lib/samba
>  --disable-rpath-install
>  --with-shared-modules=idmap_ad,idmap_rid,idmap_ldap,idmap_hash,idmap_tdb2,pdb_tdbsam,pdb_ldap,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4,auth_wbc,auth_unix,auth_server,auth_script,auth_samba4,vfs_dfs_samba4
>  '--bundled-libraries=!zlib,!popt,!talloc,!pytalloc,!pytalloc-util,!tevent,!pytevent,!tdb,!pytdb,!ldb,!pyldb,!pyldb-util'
>  --with-pam
>  --with-pie
>  --with-relro
>  --without-fam
>  --with-cluster-support
>  --with-profiling-data
>  --accel-aes=intelaesni
>  --with-systemd
>  --systemd-install-services
>  --with-systemddir=/usr/lib/systemd/system
>  --systemd-smb-extra=Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba
>  --systemd-nmb-extra=Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba
>  --systemd-winbind-extra=Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba
>  --systemd-samba-extra=Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba
>  --extra-python=/usr/bin/python3
> 
> But now (Errghrreahh), looking at [non]--bundled-libraries, I again
> look from where my ldbsearch really is - and in Fedora it is separate
> package, ldb-tools-1.4.6 (source
> https://www.samba.org/ftp/pub/ldb/ldb-1.4.6.tar.gz).

Yes, it is the same on Debian.

> 
> I tried rebuild it, but result was same as from original Fedora
> package
> - I had only subset of your switches. 

If Fedora has done something to the package because it doesn't expect
to ever have to deal with sam.ldb, then, just rebuilding it will get
the same package.
 
>Not sure, if it is right, but
> as operations on LDB files seems be OK, I'm perhaps not going to solve
> it.

If it works for you, then OK, but I feel you are going to have problems
down the line.

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba