nslcd + Samba 4

steve steve at steve-ss.com
Sun Feb 10 03:43:12 MST 2013


On 09/02/13 17:22, Roberto Farias wrote:
> Hello everyone.
>
> How is it possible to authenticate users through LDAP base of Samba 4 using the
> machine in nslcd server and clients?
>
> My configuration:
>
> /etc/nslcd.conf:
>
> uid nslcd
> gid nslcd
>
> uri ldap://server.example.com
> base DC=example,DC=com
>
> binddn CN=Administrator,CN=Users,DC=example,DC=com
> bindpw MySecret
>
> map passwd uid samAccountName
> passwd map homeDirectory unixHomeDirectory
> map uniqueMember group member
>
> sasl_mech GSSAPI
> sasl_realm EXAMPLE.COM
> krb5_ccname /tmp/krb5cc_0
>
> /etc/default/nslcd:
>
> K5START_START = "yes"
>
> K5START_BIN = /usr/bin/k5start
> K5START_KEYTAB = /etc/krb5.keytab
> K5START_CCREFRESH = 60
> K5START_PRINCIPAL = "host/$(hostname-f)"
>
> Error message when you start nslcd:
>
> Starting Keep alive Kerberos ticket: k5startk5start: error getting credentials:
> Client not found in Kerberos database
> failed!
>
> I appreciate the help.
>

Hi
You seem to be trying to authenticate conventionally and by Kerberos 
at the same time.

Try this:

Comment out this,

K5START_START = "yes"

and this:

binddn CN=Administrator,CN=Users,DC=example,DC=com
bindpw MySecret and this:

Restart nslcd.

Now as root:
kinit Administrator

That will produce the ticket cache in /tmp

Now try a getent.
If that goes OK, you can then reinstate k5start.

HTH, Steve
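
A check for the condition described in the reply above, as an added example that is not part of the original post: it reports when an nslcd.conf has simple-bind settings (binddn/bindpw) active alongside sasl_mech GSSAPI. The finding codes, function names and SAMPLE_CONF (constructed from the configuration quoted in the thread) are assumptions of this example.

```python
# Added example: lint an nslcd.conf body for the mixed bind settings
# discussed in this thread. Not code from the thread or from nslcd.

# Constructed sample, modelled on the configuration quoted in the question.
SAMPLE_CONF = """\
uid nslcd
gid nslcd
uri ldap://server.example.com
base DC=example,DC=com
binddn CN=Administrator,CN=Users,DC=example,DC=com
bindpw MySecret
sasl_mech GSSAPI
sasl_realm EXAMPLE.COM
krb5_ccname /tmp/krb5cc_0
"""

MESSAGES = {  # finding codes are names chosen for this example
    "mixed-bind": "binddn/bindpw (simple bind) and sasl_mech GSSAPI are both active",
    "cleartext-bindpw": "bindpw keeps the bind password in clear text in this file",
    "admin-binddn": "binddn is the domain Administrator account",
}

def active_options(text):
    """Map each uncommented option name (lower-cased) to its first value."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        opts.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
    return opts

def audit(text):
    """Return the finding codes that apply to an nslcd.conf body."""
    opts = active_options(text)
    gssapi = opts.get("sasl_mech", "").strip().upper() == "GSSAPI"
    found = []
    if gssapi and ("binddn" in opts or "bindpw" in opts):
        found.append("mixed-bind")
    if "bindpw" in opts:
        found.append("cleartext-bindpw")
    if opts.get("binddn", "").upper().startswith("CN=ADMINISTRATOR,"):
        found.append("admin-binddn")
    return found

if __name__ == "__main__":
    for code in audit(SAMPLE_CONF):
        print(f"{code}: {MESSAGES[code]}")
```

With binddn and bindpw commented out, as the reply suggests, `audit` returns no findings for the sample.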


