[Authentication] Realm can not join Samba4 Domain
Niklas Andersson
niklas.andersson at openforce.se
Sun May 4 11:10:03 PDT 2014
Hi,
I am doing some automated testing setting up Samba4 AD DC and Realmd.
The thing is that realm discover [Samba4-domain] gives an error:

    vagrant at client002:~$ realm discover -v openforce.org
     * Resolving: _ldap._tcp.openforce.org
     * Performing LDAP DSE lookup on: 192.168.33.2
     ! Received invalid or unsupported Netlogon data from server
    openforce.org
      type: kerberos
      realm-name: OPENFORCE.ORG
      domain-name: openforce.org
      configured: no

It works when you do a discover of a Microsoft Active Directory domain.
I think the problem lies in Samba4 AD DC not exposing certain capabilities.
The code in question in realmd is this:

    realm_disco_mscldap_request (LDAP *ldap,
                                 int *msgidp,
                                 GError **error)
    {
            char *attrs[] = { "NetLogon", NULL };
            int rc;

            rc = ldap_search_ext (ldap, "", LDAP_SCOPE_BASE,
                                  "(&(NtVer=\\06\\00\\00\\00)(AAC=\\00\\00\\00\\00))",
                                  attrs, 0, NULL, NULL, NULL,
                                  -1, msgidp);
            if (rc != LDAP_SUCCESS) {
                    realm_ldap_set_error (error, ldap, rc);
                    return FALSE;
            }

            return TRUE;
    }

Sorry, I haven't been able to decipher the LDAP-query further, I was also
able to see this using Wireshark when I wiretapped the connection.
Samba4 AD DC returns nothing, while MS AD returns...something. I haven't
been able to reproduce the query. There is something going on with
anonymous binding, and there is a query sent with "NetLogon", but I haven't
been able to reproduce this query manually with any success.
FYI: I am using samba4 4.1.6 from the Ubuntu-repo. If you know of any PPA
with current trunk, I would be grateful for that information.
Regards,
Niklas
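
The filter quoted in the message above can be read byte by byte. This is an added example, not part of the original post and not realmd code: it decodes the RFC 4515 escapes in the NtVer and AAC values and reads the four bytes as the little-endian NETLOGON_NT_VERSION bit field from MS-ADTS. The function and macro names are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* NETLOGON_NT_VERSION option bits from MS-ADTS (only the two used here). */
#define NT_VERSION_5   0x00000002u
#define NT_VERSION_5EX 0x00000004u

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode an RFC 4515 value such as "\06\00" into bytes; -1 if malformed or too long. */
int filter_value_decode(const char *s, uint8_t *out, size_t cap)
{
    size_t n = 0;
    while (*s) {
        if (n == cap) return -1;
        if (*s == '\\') {
            int hi = hexval((unsigned char)s[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)s[2]);
            if (lo < 0) return -1;          /* truncated or non-hex escape */
            out[n++] = (uint8_t)(hi << 4 | lo);
            s += 3;
        } else {
            out[n++] = (uint8_t)*s++;
        }
    }
    return (int)n;
}

/* Read a 4-byte filter value as a little-endian bit field; -1 if not exactly 4 bytes. */
int ntver_from_filter(const char *value, uint32_t *flags)
{
    uint8_t b[4];
    if (filter_value_decode(value, b, sizeof b) != 4) return -1;
    *flags = b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
    return 0;
}

int main(void)
{
    uint32_t f;
    if (ntver_from_filter("\\06\\00\\00\\00", &f) != 0) return 1;
    printf("NtVer=0x%08x V5=%d V5EX=%d\n", (unsigned)f, !!(f & NT_VERSION_5), !!(f & NT_VERSION_5EX));
    return 0;
}
```

The doubled backslashes are C string escaping only; on the wire the NtVer assertion value is the four bytes 06 00 00 00, and the AAC value is four zero bytes.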