[Samba] login via Samba 4 LDAP

Gémes Géza geza at kzsdabas.hu
Thu Dec 29 03:58:07 MST 2011


On 2011-12-29 10:11, steve wrote:
> On 29/12/11 10:00, steve wrote:
>> On 28/12/11 21:59, Bernd Markgraf wrote:
>>>> You should create a user in AD for nss-ldap and extract a keytab for it
>>>> (samba-tool domain exportkeytab --principal=....) and configure nss-ldap
>>>> to use that keytab for authenticating. Most probably you aren't allowed
>>>> to bind anonymously to your AD server (you can try with ldapsearch -x)
>>> LDAP works with an anonymous bind. You need the Kerberos keytab for
>>> authentication though.
>>>
>>
>> steve at hh3:~> ldapsearch -x
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <DC=hh3,DC=site> (default) with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 1 Operations error
>> text: 00002020: Operation unavailable without authentication
>>
>> # numResponses: 1
>>
>>
>>
>> I found this usage:
>>
>> samba-tool export keytab PATH_TO_KEYTAB
>>
>> How can I find my PATH_TO_KEYTAB?
>> Thanks
>
> Can't get the syntax right:
>
>  samba-tool domain exportkeytab  /var/lib/named/master --principal
>
> Usage: samba-tool domain exportkeytab <keytab> [options]
>
> samba-tool domain exportkeytab: error: --principal option requires an argument
>
samba-tool domain exportkeytab /path/to/the/keytab/file/you/want/to/create/or/update --principal=the_name(samAccountName_or_spn_created_with_samba-tool_spn)_of_the_principal_you_want_to_extract

Regards

Geza
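
An added example, not part of the original thread: a small check that reads `ldapsearch -x` output and reports whether the server answered the anonymous search or demanded authentication, plus a follow-up that binds with a ticket taken from the exported keytab. The function names are hypothetical, `SAMPLE_ALLOWED` is constructed, and the keytab path, principal and base DN are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Output quoted in the thread: the server refuses the anonymous search.
SAMPLE_DENIED='# search result
search: 2
result: 1 Operations error
text: 00002020: Operation unavailable without authentication
'

# Constructed sample: a server that does answer an anonymous search.
SAMPLE_ALLOWED='dn: CN=Users,DC=hh3,DC=site
cn: Users

# search result
search: 2
result: 0 Success
'

# Read `ldapsearch -x` output on stdin and print a one-word verdict.
classify_anon_bind() {
    awk '
        /^dn: /     { entries++ }
        /^result: / { code = $2 }
        /^text: /   { text = $0 }
        END {
            if (code == "")               { print "unknown"; exit }
            if (code == 0 && entries > 0) { print "anonymous-allowed"; exit }
            if (code == 0)                { print "anonymous-empty"; exit }
            if (text ~ /without authentication/) { print "auth-required"; exit }
            print "error-" code
        }'
}

# Live follow-up (needs a KDC and LDAP server, so it is not called here):
# take a ticket from the exported keytab, then bind with GSSAPI instead of -x.
# $1 = keytab path, $2 = principal, $3 = base DN (all supplied by the caller).
check_keytab_bind() (
    cc=$(mktemp) || exit 1
    trap 'rm -f "$cc"' EXIT          # throwaway credential cache
    KRB5CCNAME="FILE:$cc"; export KRB5CCNAME
    kinit -k -t "$1" "$2" && ldapsearch -Y GSSAPI -Q -LLL -b "$3" -s base dn
)

# On a live host: ldapsearch -x 2>&1 | classify_anon_bind
printf '%s' "$SAMPLE_DENIED" | classify_anon_bind
```

A verdict of `auth-required` matches the output steve posted and is the case where the keytab is needed for the nss-ldap bind.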

