[Pkg-samba-maint] Debian Jessie Samba 4 recursive lookup issue

Thu Apr 19 09:48:08 BST 2018

)

2018-04-18 23:31 GMT+02:00 Eoin Kim <Eoin.Kim at rcst.com.au>:
> Hello Mathieu,
>

Hello,

>
> First of all, my apologies for sending an email to you directly regarding
> the issue I am having. I searched the Internet to find solutions as possible
> as I could but I didn’t have any luck so far.

I've CC-ed the mailing list which is the proper way to ask support.

> Therefore, I am asking you a
> help if possible. I installed Samba 4 from my Debian Jessie using apt-get.
> The version is 4.2.14+dfsg-0+deb8u9, which I believe the latest for Jessie.
> I provisioned the Active Directory domain without any issues. After that, I
> installed another service which uses LDAP authentication in my other Debian
> Jessie host.
>

Samba in jessie is pretty old. And it has an unpatched security hole as AD-DC:
https://security-tracker.debian.org/tracker/CVE-2018-1057

Please use stretch instead.

>
> During the LDAP authentication setup, I configured the filter option that
> includes LDAP_MATCHING_RULE_IN_CHAIN (memberOf:1.2.840.113556.1.4.1941), and
> it didn’t work. I also tried ldbsearch from command line directly on the
> Samba host and no luck. The below is the result.
>
>
>
> # ldbsearch -H /var/lib/samba/private/sam.ldb -s sub -b "dc=lab,dc=domain"
> '(memberOf:1.2.840.113556.1.4.1941:=CN=SG-Icinga2_Users,OU=Security
> Groups,OU=LAB Groups,DC=lab,DC=domain)'
>
> ldb: unknown extended rule_id 1.2.840.113556.1.4.1941
>
>
>
> Is this not supported in Samba entirely or just Samba 4.2? If it is
> supported in other versions, could you please tell me which version will be
> working with Debian Jessie? I really need this feature to make my other
> service work well. Sorry again for direct email. I look forward to your
> response. Thanks a lot.
>

It probably were implemented in 4.3 or 4.4.

>
> Eoin Kim
>
> Systems Administrator
[...]

Regards
-- 
Mathieu Parent