Hi!
Has anyone succeeded with samba34 and Windows Server 2008R2?
I'm trying to connect to the 2008R2 domain using ADS on samba34. It worked before our Windows admins updated Windows Server to 2008R2 a month ago. As far as I understand, R2 introduced new AD features, and they also deployed a dedicated Windows CA (PKI).
As a result, wbinfo -g and -u do not work anymore and winbind can't connect to the AD/LDAP.
I've installed the CA certificate; Kerberos and LDAP/SASL SPNEGO work on my system with the 2008R2 DC. ldapsearch -ZZ works too. The only problem is an 'ldap' timeout _inside_ my winbindd.
7.3-STABLE FreeBSD 7.3-STABLE #0: Fri Jul 16 09:50:27 MSD 2010 GENERIC amd64
standard system Kerberos (not from ports)
cyrus-sasl-2.1.23_1
openldap-sasl-client-2.4.23
samba34-3.4.9
I have to use client ldap sasl wrapping = sign since 2008R2 requires strong authentication.
Code:
[2010/12/29 18:04:54, 4] libsmb/namequery_dc.c:143(ads_dc_name)
ads_dc_name: using server='DOCON.OFFICE' IP=192.168.0.120
[2010/12/29 18:04:54, 5] libads/ldap.c:203(ads_try_connect)
ads_try_connect: sending CLDAP request to DOCON.OFFICE (realm: office)
[2010/12/29 18:04:54, 3] libads/ldap.c:621(ads_connect)
Successfully contacted LDAP server 192.168.0.120
[2010/12/29 18:04:54, 3] libads/ldap.c:675(ads_connect)
Connected to LDAP server DOCON.office
[2010/12/29 18:04:54, 4] libads/ldap.c:2851(ads_current_time)
time offset is 0 seconds
[2010/12/29 18:04:54, 4] libads/sasl.c:1112(ads_sasl_bind)
Found SASL mechanism GSS-SPNEGO
[2010/12/29 18:04:54, 3] libads/sasl.c:780(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
[2010/12/29 18:04:54, 3] libads/sasl.c:780(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
[2010/12/29 18:04:54, 3] libads/sasl.c:780(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
[2010/12/29 18:04:54, 3] libads/sasl.c:780(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
[2010/12/29 18:04:54, 3] libads/sasl.c:780(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
[2010/12/29 18:04:54, 3] libads/sasl.c:789(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore
[2010/12/29 18:04:54, 3] libads/ldap.c:995(ads_do_paged_search_args)
ads_do_paged_search_args: ldap_search_with_timeout((objectclass=*)) -> Time limit exceeded
[2010/12/29 18:04:54, 1] libads/ldap_utils.c:111(ads_do_search_retry_internal)
ads reopen failed after error Time limit exceeded
Tried ldap timeout = 20000, no changes.
Any suggestions ?
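
A way to triage a winbindd debug log like the one in the post, added here as an example and not part of the original post or of Samba: it pairs each header line with its message, names the SPNEGO mechanism OIDs the DC offered, and reports the first failing step and how long after the first logged event it occurred. The function names and the failure keywords are assumptions of this example; the sample is an excerpt of the log lines quoted above.

```python
import re
from datetime import datetime

# Standard SPNEGO mechanism OIDs and their usual names.
SPNEGO_MECHS = {
    "1.3.6.1.4.1.311.2.2.30": "NEGOEX",
    "1.2.840.48018.1.2.2": "MS Kerberos 5 (legacy OID)",
    "1.2.840.113554.1.2.2": "Kerberos 5",
    "1.2.840.113554.1.2.2.3": "Kerberos 5 User-to-User",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
}
# Samba debug header: "[date time, level] file:line(function)"; "[" may be lost in pastes.
HEADER = re.compile(r"^\[?(\S+ \S+),\s*(\d+)\] (\S+):(\d+)\((\w+)\)$")
FAILURE = re.compile(r"failed|exceeded|denied|error", re.I)  # assumed keyword set

# Excerpt of the log lines quoted in the post above.
SAMPLE_LOG = """\
[2010/12/29 18:04:54, 3] libads/ldap.c:675(ads_connect)
Connected to LDAP server DOCON.office
[2010/12/29 18:04:54, 3] libads/sasl.c:780(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
[2010/12/29 18:04:54, 3] libads/sasl.c:780(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
[2010/12/29 18:04:54, 3] libads/ldap.c:995(ads_do_paged_search_args)
ads_do_paged_search_args: ldap_search_with_timeout((objectclass=*)) -> Time limit exceeded
[2010/12/29 18:04:54, 1] libads/ldap_utils.c:111(ads_do_search_retry_internal)
ads reopen failed after error Time limit exceeded
"""

def parse(log):
    """Pair every header line with the message text that follows it."""
    events = []
    for line in map(str.strip, log.splitlines()):
        m = HEADER.match(line)
        if m:
            when = datetime.strptime(m[1], "%Y/%m/%d %H:%M:%S")
            events.append({"when": when, "level": int(m[2]), "func": m[5], "msg": ""})
        elif events:
            events[-1]["msg"] = f"{events[-1]['msg']} {line}".strip()
    return events

def triage(log):
    """Return the offered SPNEGO mechanisms and the first failing step."""
    events = parse(log)
    oids = [m[1] for e in events if (m := re.search(r"got OID=([\d.]+)", e["msg"]))]
    mechs = [(o, SPNEGO_MECHS.get(o, "unknown")) for o in oids]
    bad = next((e for e in events if FAILURE.search(e["msg"])), None)
    elapsed = (bad["when"] - events[0]["when"]).total_seconds() if bad else None
    return {"mechs": mechs, "first_failure": bad and bad["func"], "elapsed_s": elapsed}
```

Calling `triage(SAMPLE_LOG)` on this excerpt reports the search step `ads_do_paged_search_args` as the first failure, logged 0 seconds after the first event.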