ldapsearch on an RODC
Published: 09 June 2020 - 14:24
Hello,
I have just created an RODC connected to an ad1, both in version 4.11.6, and I would like to be able to connect my applications over LDAP to the RODC.
Is this feasible?
Thanks in advance for your feedback from experience, because for the moment it does not work in my tests; I get this kind of response from my ldapsearch command:
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 40, v1db1
and this kind of log:
[2020/06/09 12:18:46.845786, 3] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2020/06/09 12:18:46.850433, 3] ../../source4/auth/ntlm/auth.c:240(auth_check_password_send)
auth_check_password_send: Checking password for unmapped user [(null)]\[adm-test@domain.local]@[(null)]
auth_check_password_send: user is: [DOMAIN]\[adm-test]@[(null)]
[2020/06/09 12:18:46.852915, 1] ../../source4/dsdb/samdb/ldb_modules/rootdse.c:518(rootdse_add_dynamic)
rootdse_add_dynamic: Failed to convert GUID into full DN in rootDSE for dsServiceName: <GUID=748b1765-24c5-44f0-b509-da38bf3e77e9>: Base-DN '<GUID=748b1765-24c5-44f0-b509-da38bf3e77e9>' not found
[2020/06/09 12:18:46.853228, 1] ../../source4/dsdb/common/util.c:1397(samdb_ntds_settings_dn)
Searching for dsServiceName in rootDSE failed: Failed to find full DN for dsServiceName: <GUID=748b1765-24c5-44f0-b509-da38bf3e77e9>
[2020/06/09 12:18:46.853401, 1] ../../source4/dsdb/common/util.c:1418(samdb_ntds_settings_dn)
Failed to find our own NTDS Settings DN in the ldb!
[2020/06/09 12:18:46.853660, 3] ../../source4/dsdb/repl/drepl_secret.c:145(drepl_repl_secret)
../../source4/dsdb/repl/drepl_secret.c:145: started secret replication for CN=adm-test,OU=SYSTEME,OU=USERS,OU=YS,DC=domain,DC=local
[2020/06/09 12:18:46.854850, 5] ../../source4/auth/ntlm/auth.c:69(auth_get_challenge)
auth_get_challenge: returning previous challenge by module random (normal)
[2020/06/09 12:18:46.855007, 5] ../../source4/auth/ntlm/auth.c:69(auth_get_challenge)
auth_get_challenge: returning previous challenge by module random (normal)
[2020/06/09 12:18:46.855255, 5] ../../source3/winbindd/winbindd_irpc.c:210(wb_irpc_SamLogon)
wb_irpc_SamLogon called
[2020/06/09 12:18:46.866485, 3] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
ldb_wrap open of idmap.ldb
[2020/06/09 12:18:46.949594, 3] ../../source4/dsdb/repl/drepl_secret.c:53(drepl_repl_secret_callback)
../../source4/dsdb/repl/drepl_secret.c:53: repl secret failed for user CN=adm-test,OU=SYSTEME,OU=USERS,OU=YS,DC=domain,DC=local - WERR_DS_DRA_BAD_DN: extended_ret[0x0
[2020/06/09 12:18:50.424578, 0] ../../source3/winbindd/winbindd_irpc.c:55(wb_irpc_forward_callback)
RPC callback failed for winbind_SamLogon - NT_STATUS_CONNECTION_DISCONNECTED
[2020/06/09 12:18:50.426286, 2] ../../source4/auth/ntlm/auth.c:472(auth_check_password_recv)
auth_check_password_recv: winbind authentication for user [DOMAIN\adm-test] FAILED with error NT_STATUS_CONNECTION_DISCONNECTED, authoritative=1
[2020/06/09 12:18:50.426364, 2] ../../auth/auth_log.c:635(log_authentication_event_human_readable)
Auth: [LDAP,simple bind/TLS] user [(null)]\[adm-test@domain.local] at [Tue, 09 Jun 2020 12:18:50.426344 UTC] with [Plaintext] status [NT_STATUS_CONNECTION_DISCONNECTED] workstation [(null)] remote host [ipv4:127.0.0.1:57600] mapped to [DOMAIN]\[adm-test]. local host [ipv4:127.0.1.1:389]
{"timestamp": "2020-06-09T12:18:50.426440+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 8, "status": "NT_STATUS_CONNECTION_DISCONNECTED", "localAddress": "ipv4:127.0.1.1:389", "remoteAddress": "ipv4:127.0.0.1:57600", "serviceDescription": "LDAP", "authDescription": "simple bind/TLS", "clientDomain": null, "clientAccount": "adm-test@domain.local", "workstation": null, "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "adm-test", "mappedDomain": "DOMAIN", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "Plaintext", "duration": 3576941}}
[2020/06/09 12:18:50.428280, 3] ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
stream_terminate_connection: Terminating connection - 'ldapsrv_call_wait_done: call->wait_recv() - NT_STATUS_LOCAL_DISCONNECT'
I have tested different settings but I cannot get LDAP to work.
Any help would be appreciated.
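The JSON line in the log above is Samba's structured authentication audit record. The client only sees "Invalid credentials (49)", but the record carries the real status, NT_STATUS_CONNECTION_DISCONNECTED, which is a backend failure (the winbind SamLogon forwarding dropped) rather than a bad password. As an added example, not from the post and not Samba code, here is a small Python helper that pulls those records out of a mixed text/JSON debug log and separates credential failures from backend failures. The embedded sample lines are the post's own record plus constructed variants; the status classification table and the assumption that a bind without TLS is logged as "simple bind" (the post shows "simple bind/TLS" for the TLS case) are the example's own.

```python
import json
from collections import Counter

# Added example (not from the post, not Samba code): parse Samba's JSON
# "Authentication" audit records out of a mixed text/JSON debug log and
# separate credential failures from backend failures.

# Statuses that mean the caller supplied bad or unusable credentials.
# Anything else that is not NT_STATUS_OK is treated as a backend problem.
# This split is an assumption of the example, not a Samba definition.
CREDENTIAL_STATUSES = {
    "NT_STATUS_WRONG_PASSWORD",
    "NT_STATUS_NO_SUCH_USER",
    "NT_STATUS_LOGON_FAILURE",
    "NT_STATUS_ACCOUNT_LOCKED_OUT",
    "NT_STATUS_ACCOUNT_DISABLED",
    "NT_STATUS_PASSWORD_EXPIRED",
}

# Constructed sample input: two plain debug lines, the audit record from the
# post, and three constructed records (wrong password, successful TLS bind,
# successful simple bind without TLS).
SAMPLE_LOG = [
    '[2020/06/09 12:18:50.426286, 2] ../../source4/auth/ntlm/auth.c:472(auth_check_password_recv)',
    r'  auth_check_password_recv: winbind authentication for user [DOMAIN\adm-test] FAILED with error NT_STATUS_CONNECTION_DISCONNECTED, authoritative=1',
    '{"timestamp": "2020-06-09T12:18:50.426440+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 8, "status": "NT_STATUS_CONNECTION_DISCONNECTED", "localAddress": "ipv4:127.0.1.1:389", "remoteAddress": "ipv4:127.0.0.1:57600", "serviceDescription": "LDAP", "authDescription": "simple bind/TLS", "clientDomain": null, "clientAccount": "adm-test@domain.local", "workstation": null, "mappedAccount": "adm-test", "mappedDomain": "DOMAIN", "passwordType": "Plaintext", "duration": 3576941}}',
    # constructed: ordinary wrong-password failure
    '{"timestamp": "2020-06-09T12:20:01.000000+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "status": "NT_STATUS_WRONG_PASSWORD", "remoteAddress": "ipv4:10.0.0.5:51000", "serviceDescription": "LDAP", "authDescription": "simple bind/TLS", "clientAccount": "svc-app@domain.local", "passwordType": "Plaintext"}}',
    # constructed: successful bind over TLS
    '{"timestamp": "2020-06-09T12:21:15.000000+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4624, "status": "NT_STATUS_OK", "remoteAddress": "ipv4:10.0.0.6:51001", "serviceDescription": "LDAP", "authDescription": "simple bind/TLS", "clientAccount": "svc-app@domain.local", "passwordType": "Plaintext"}}',
    # constructed: successful simple bind with no TLS (password crossed the wire in clear)
    '{"timestamp": "2020-06-09T12:22:40.000000+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4624, "status": "NT_STATUS_OK", "remoteAddress": "ipv4:10.0.0.7:51002", "serviceDescription": "LDAP", "authDescription": "simple bind", "clientAccount": "svc-legacy@domain.local", "passwordType": "Plaintext"}}',
]


def parse_auth_events(lines):
    """Yield the inner "Authentication" dict of each JSON audit record.

    Plain debug lines and malformed JSON are skipped instead of aborting the run.
    """
    for line in lines:
        line = line.strip()
        if not line.startswith("{"):
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("type") == "Authentication" and isinstance(rec.get("Authentication"), dict):
            yield rec["Authentication"]


def classify_status(status):
    """Return 'ok', 'credential' or 'backend' for an NT_STATUS value."""
    if status == "NT_STATUS_OK":
        return "ok"
    if status in CREDENTIAL_STATUSES:
        return "credential"
    return "backend"


def failed_ldap_binds(lines):
    """Return every failed LDAP authentication as (account, status, class)."""
    out = []
    for ev in parse_auth_events(lines):
        if ev.get("serviceDescription") != "LDAP":
            continue
        cls = classify_status(ev.get("status"))
        if cls == "ok":
            continue
        out.append((ev.get("clientAccount"), ev.get("status"), cls))
    return out


def summarize(lines):
    """Aggregate view: failures by class and status, plus accounts whose
    password was sent in a simple bind that was not protected by TLS
    (authDescription lacks "TLS" while passwordType is Plaintext)."""
    report = {"credential": Counter(), "backend": Counter(), "cleartext_simple_binds": []}
    for ev in parse_auth_events(lines):
        if ev.get("serviceDescription") != "LDAP":
            continue
        cls = classify_status(ev.get("status"))
        if cls != "ok":
            report[cls][ev.get("status")] += 1
        desc = ev.get("authDescription") or ""
        if ev.get("passwordType") == "Plaintext" and desc.startswith("simple bind") and "TLS" not in desc:
            report["cleartext_simple_binds"].append(ev.get("clientAccount"))
    return report


if __name__ == "__main__":
    for account, status, cls in failed_ldap_binds(SAMPLE_LOG):
        print(f"{cls:10s} {status:40s} {account}")
    print(summarize(SAMPLE_LOG))
```

Run against the post's log, the RODC failure lands in the "backend" bucket, so an alert on it should point at replication or winbind connectivity on the RODC rather than at the user's password. The "cleartext_simple_binds" list is the secondary check: applications binding to a DC with a simple bind and no TLS expose their service password on the network.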