[Samba] Samba 4 kerberos and kinit
esiotrot at gmail.com
Fri Jan 13 19:19:49 MST 2012
On 14 January 2012 01:24, steve <steve at steve-ss.com> wrote:
> On 13/01/12 23:46, Michael Wood wrote:
>> On 13 January 2012 14:00, steve<steve at steve-ss.com> wrote:
>>> Getting somewhere. I've got rid of the Kerberos: Server not found in
>>> database: krbtgt/SITE at HH3.SITE error.
>>> Now samba 4 is giving me this:
>>> ldb_wrap open of secrets.ldb
>>> Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv()
>>> single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv()
>>> and /var/log/messages this:
>>> Jan 13 12:19:39 hh3 nslcd: GSSAPI Error: Unspecified GSS failure.
>>> Minor code may provide more information (Credentials cache permissions
>> What are the permissions on /usr/local/samba,
> drwxr-xr-x 11 root root 4096 Jan 13 04:48 samba
> drwxr-xr-x 9 root root 4096 Jan 14 00:19 private
OK, although private could probably be a bit tighter.
>> and /usr/local/samba/private/secrets.tdb?
> -rw------- 1 root root 1286144 Jan 13 04:51 secrets.ldb
>> And also your keytab and
>> the directory it's in.
> drwxr-xr-x 118 root root 12288 Jan 13 23:55 etc
> -rw------- 1 root root 1225 Jan 13 12:12 krb5.keytab
That's fine, but is that what nslcd is using?
>>> Jan 13 12:19:39 hh3 nslcd: [8b4567] failed to bind to LDAP server
>>> ldap://localhost: Local error
>>> Jan 13 12:19:39 hh3 nslcd: [8b4567] no available LDAP server found
>>> Finally got the new git working. Something must have changed since the
>>> checkout I used because I had to comment out the:
>>> sasl_mech GSSAPI
>>> in /etc/nslcd.conf
>> This is probably related to the above error. i.e. it's refusing to
>> use GSSAPI because you have bad permissions somewhere.
> The perms are above, but it makes me none the wiser. Any ideas what these
> permissions should be? What am I losing by not using GSSAPI?
Michael Wood <esiotrot at gmail.com>
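
The ownership and mode check behind the question of which keytab nslcd is actually using, as an added example that is not part of the original thread: a root-owned `-rw-------` file like the keytab listed above cannot be read by a daemon running under a different account. The function name `check_private_file` is hypothetical, the account passed to it is whatever your nslcd runs as, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not code from the thread or from Samba/nslcd.
# check_private_file PATH USER   (hypothetical helper name)
# Returns 0 when PATH is a regular file owned by USER (name or numeric uid)
# with no group/other permission bits. Otherwise prints the reason and
# returns 1 (missing file or unknown user), 2 (wrong owner) or 3 (mode too open).
# Assumes GNU stat (stat -c), as found on Linux.
check_private_file() {
    path=$1
    user=$2
    if [ ! -f "$path" ]; then
        echo "$path: not a regular file"
        return 1
    fi
    # Accept a numeric uid as-is, otherwise resolve the account name.
    case $user in
        ''|*[!0-9]*)
            want_uid=$(id -u "$user" 2>/dev/null) || {
                echo "$user: no such user"
                return 1
            } ;;
        *)
            want_uid=$user ;;
    esac
    have_uid=$(stat -c %u "$path")
    mode=$(stat -c %a "$path")
    if [ "$have_uid" != "$want_uid" ]; then
        echo "$path: owned by uid $have_uid, daemon runs as uid $want_uid"
        return 2
    fi
    # Any bit set in 077 means group or other can read, write or execute.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$path: mode $mode is open to group/other"
        return 3
    fi
    echo "$path: ok (uid $have_uid, mode $mode)"
}

# Usage (the account name is an assumption; use the one your nslcd runs as):
#   check_private_file /etc/krb5.keytab nslcd
```

Run it against both the keytab and the credentials cache file the daemon is configured to use; a return of 2 means the file belongs to a different account than the one given.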