
Re: [Samba] "00002020: Operation unavailable without authentication" using python-ldap




On Sun, 7 Apr 2019 17:34:11 -0400
Jonathon Reinhart <jonathon.reinhart@xxxxxxxxx> wrote:

> Yes, the DC uses only "nameserver 127.0.0.1".  As root, that command
> works.

I would change '127.0.0.1' to the DC's actual IP; there have been
problems reported here that have been found to be down to using
'127.0.0.1'.



> > >     kerberos method = system keytab  
> >
> > Please don't use the line above, it stops you using secrets.tdb  
> 
> Okay thanks. I looked but couldn't find any recommendations on the
> "right" choice for "kerberos method". I added this line (changing it
> from the default) so I could SSH w/ Kerberos auth to the DC. I guess
> "secrets and keytab" is the "right" choice then? Did I miss this, or
> should this be expanded upon in the Wiki? What is the effect of not
> using secrets.tdb?

Samba tries to set up smb.conf on a DC with the best settings when you
provision or join it.
Not using secrets.tdb could cause it to go stale.

> Any ideas how I might be able to go about proving this is
> python-ldap's issue or Samba's? I might have to install a MS AD
> server for comparison.

I haven't a clue about python-ldap, mainly because I do not use it. I
only use the ldb-tools, ldbsearch, ldbmodify etc. (which incidentally
work with a Windows DC).

What I was trying to point out was, you may find that samba-tool
already does what you are trying or proposing to do, and if it doesn't,
you may be able to extend it to do what you require (in which case,
patches are always welcome).

Rowland

