[Samba] login via Samba 4 LDAP

steve steve at steve-ss.com
Thu Dec 29 02:00:43 MST 2011

On 28/12/11 21:59, Bernd Markgraf wrote:
>> You should create a user in AD for nss-ldap and extract a keytab for it
>> (samba-tool domain exportkeytab --principal=....) and configure nss-ldap
>> to use that keytab for authenticating. Most probably you aren't allowed
>> to bind anonymously to your AD server (you can try with ldapsearch -x)
> LDAP works with an anonymous bind. You need the Kerberos keytab for
> authentication though.

steve at hh3:~> ldapsearch -x
# extended LDIF
# LDAPv3
# base <DC=hh3,DC=site> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL

# search result
search: 2
result: 1 Operations error
text: 00002020: Operation unavailable without authentication

# numResponses: 1

I found this usage:

samba-tool export keytab PATH_TO_KEYTAB

How can I find my PATH_TO_KEYTAB

More information about the samba mailing list