nslcd + Samba 4
Andrew Bartlett
abartlet at samba.org
Fri Feb 15 20:44:06 MST 2013
On Sat, 2013-02-09 at 16:22 +0000, Roberto Farias wrote:
> Hello everyone.
>
> How is it possible to authenticate users through LDAP base of Samba 4 using the
> machine in nslcd server and clients?
>
> My configuration:
>
> /etc/nslcd.conf:
>
> uid nslcd
> gid nslcd
>
> uri ldap://server.example.com
> base DC=example,DC=com
>
> binddn CN=Administrator,CN=Users,DC=example,DC=com
> bindpw MySecret
>
> map passwd uid samAccountName
> map passwd homeDirectory unixHomeDirectory
> map group uniqueMember member
>
> sasl_mech GSSAPI
> sasl_realm EXAMPLE.COM
> krb5_ccname /tmp/krb5cc_0
>
> /etc/default/nslcd:
>
> K5START_START="yes"
>
> K5START_BIN=/usr/bin/k5start
> K5START_KEYTAB=/etc/krb5.keytab
> K5START_CCREFRESH=60
> K5START_PRINCIPAL="host/$(hostname -f)"
>
> Error message when you start nslcd:
>
> Starting Keep alive Kerberos ticket: k5startk5start: error getting credentials:
> Client not found in Kerberos database
> failed!
This happens because Samba is an AD DC, not a normal KDC. To connect to
the AD DC, you would have to use the username or userPrincipalName of
the account, not its servicePrincipalName, e.g. hostname$
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
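
An added example (not part of the original message): a shell helper that reads `klist -k` output and selects the machine-account principal (the `hostname$` form the reply refers to) instead of a `host/...` service principal, for use as `K5START_PRINCIPAL`. The keytab listing and the `CLIENT1` / `EXAMPLE.COM` names are constructed sample values, and `sample_klist` and `pick_client_principal` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: choose the keytab principal that an AD DC will accept as a
# client. The DC issues initial tickets for account names (CLIENT1$), not for
# service principal names (host/client1.example.com), which is why
# K5START_PRINCIPAL="host/$(hostname -f)" fails with "Client not found".

# Constructed sample of `klist -k /etc/krb5.keytab` output (MIT layout).
sample_klist() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/client1.example.com@EXAMPLE.COM
   2 host/CLIENT1@EXAMPLE.COM
   2 CLIENT1$@EXAMPLE.COM
EOF
}

# Reads `klist -k` output on stdin and prints the first machine-account
# principal (name part has no "/" and ends in "$"). Returns 1 if none exists,
# so a caller can refuse to start k5start instead of looping on a bad name.
pick_client_principal() {
    while read -r kvno princ rest; do
        # Entry lines start with a numeric key version; skip headers/rules.
        case $kvno in ''|*[!0-9]*) continue ;; esac
        [ -n "$princ" ] || continue
        name=${princ%@*}                 # strip the @REALM suffix
        case $name in
            */*) continue ;;             # service principal name: not usable
            *\$) printf '%s\n' "$princ"; return 0 ;;
        esac
    done
    return 1
}

# Emit the setting with single quotes: /etc/default/nslcd is sourced by a
# shell, and inside double quotes "$@" in CLIENT1$@EXAMPLE.COM would expand.
if p=$(sample_klist | pick_client_principal); then
    printf "K5START_PRINCIPAL='%s'\n" "$p"
else
    echo "no machine account principal in keytab" >&2
fi
```

On a real host, replace `sample_klist` with `klist -k /etc/krb5.keytab`.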