nslcd + Samba 4
steve
steve at steve-ss.com
Sun Feb 10 03:43:12 MST 2013
On 09/02/13 17:22, Roberto Farias wrote:
> Hello everyone.
>
> How is it possible to authenticate users through LDAP base of Samba 4 using the
> machine in nslcd server and clients?
>
> My configuration:
>
> /etc/nslcd.conf:
>
> uid nslcd
> gid nslcd
>
> uri ldap://server.example.com
> base DC=example,DC=com
>
> binddn CN=Administrator,CN=Users,DC=example,DC=com
> bindpw MySecret
>
> map passwd uid samAccountName
> passwd map homeDirectory unixHomeDirectory
> map uniqueMember group member
>
> sasl_mech GSSAPI
> sasl_realm EXAMPLE.COM
> krb5_ccname /tmp/krb5cc_0
>
> /etc/default/nslcd:
>
> K5START_START = "yes"
>
> K5START_BIN = /usr/bin/k5start
> K5START_KEYTAB = /etc/krb5.keytab
> K5START_CCREFRESH = 60
> K5START_PRINCIPAL = "host/$(hostname-f)"
>
> Error message when you start nslcd:
>
> Starting Keep alive Kerberos ticket: k5startk5start: error getting credentials:
> Client not found in Kerberos database
> failed!
>
> I appreciate the help.
>
Hi
You seem to be trying to to authenticate conventionally and by Kerberos
at the same time.
Try this:
Comment out this,
K5START_START = "yes"
and this:
binddn CN=Administrator,CN=Users,DC=example,DC=com
bindpw MySecret and this:
Restart nslcd.
Now as root:
kinit Administrator
That will produce the ticket cache in /tmp
Now try a getent.
If that goes OK, you can then reinstate k5start.
HTH, Steve
More information about the samba-technical
mailing list