[Samba] Samba 4 kerberos and kinit

Michael Wood esiotrot at gmail.com
Sun Jan 15 08:04:49 MST 2012

On 14 January 2012 12:52, steve <steve at steve-ss.com> wrote:
> On 14/01/12 03:19, Michael Wood wrote:
>> On 14 January 2012 01:24, steve<steve at steve-ss.com>  wrote:
>>> drwxr-xr-x 118 root root  12288 Jan 13 23:55 etc
>>> -rw------- 1 root root 1225 Jan 13 12:12 krb5.keytab
>> That's fine, but is that what nslcd is using?
> Ah. Well spotted! The nslcd docs recommends you run it as a separate user,
> so I created a user and group for nslcd and specified them in nslcd.conf.
> nslcd is running as nslcd:nslcd So nslcd can't get inside the keytab. Is
> that correct? (can't test it as am not by the DC at the moment)

Sounds likely.

So you probably need to export a keytab for your nslcd principal to a
new keytab (e.g. /var/run/nslcd/nslcd.tkt) and make sure that nslcd
has permission to read it.  No other user should have read access.

Michael Wood <esiotrot at gmail.com>

More information about the samba mailing list