[Samba] Samba 4 kerberos and kinit
Michael Wood
esiotrot at gmail.com
Sun Jan 15 08:04:49 MST 2012
On 14 January 2012 12:52, steve <steve at steve-ss.com> wrote:
> On 14/01/12 03:19, Michael Wood wrote:
>>
>> On 14 January 2012 01:24, steve<steve at steve-ss.com> wrote:
[...]
>>> drwxr-xr-x 118 root root 12288 Jan 13 23:55 etc
>>> -rw------- 1 root root 1225 Jan 13 12:12 krb5.keytab
>>
>> That's fine, but is that what nslcd is using?
>
> Ah. Well spotted! The nslcd docs recommends you run it as a separate user,
> so I created a user and group for nslcd and specified them in nslcd.conf.
> nslcd is running as nslcd:nslcd So nslcd can't get inside the keytab. Is
> that correct? (can't test it as am not by the DC at the moment)
Sounds likely.
So you probably need to export a keytab for your nslcd principal to a
new keytab (e.g. /var/run/nslcd/nslcd.tkt) and make sure that nslcd
has permission to read it. No other user should have read access.
--
Michael Wood <esiotrot at gmail.com>
More information about the samba
mailing list