[Samba] Samba 4 and GSSAPI kerberos ldap connect
steve at steve-ss.com
Fri Jan 20 07:38:14 MST 2012
>>> I can't find k5start for openSUSE. I'll ask the guys over
>>> at the suse list for that one.
>> Otherwise you could probably compile it yourself.
>>> If I get time, I'll go through this on Ubuntu (where Geza pointed me to
> Thanks again.
Got an old k5start from the openSUSE vaults and got the keytab working:
samba-tool domain exportkeytab /etc/nslcd.keytab --principal=nslcd-service
k5start -v -f /etc/nslcd.keytab -u nslcd-service -o nslcd-user -k
Kerberos initialization for nslcd-service at SITE
k5start: authenticating as nslcd-service at SITE
k5start: getting tickets for krbtgt/SITE at SITE
It didn't ask for a password :)
A few bits of stuff.
This is not ideal. It renews every 5 mins, which is too often. Probably
need some k5list --help
Maybe /tmp is a bad place to put the cache. On openSUSE (and probably
other distros), anyone can get in there and have a look around.
Don't get this:
ls -la /etc/nslcd.keytab
-rw------- 1 root root 178 Jan 20 15:19 /etc/nslcd.keytab
yet k5start can get at it.
I still think there must be a better way.
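
The two permission questions in the message above (the root-only keytab and a credential cache under /tmp), as an added example that is not part of the original post: a shell check that flags group/other access, an unexpected owner, and a world-writable parent directory. The function name audit_krb_file and its finding labels are made up for this example, and the cache path in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: audit a Kerberos keytab or credential cache for loose access.
# audit_krb_file and its finding labels are made up for this example.

# Usage: audit_krb_file FILE EXPECTED_OWNER
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if missing.
audit_krb_file() {
    file=$1
    want_owner=$2
    rc=0

    [ -e "$file" ] || { echo "MISSING $file"; return 2; }

    # ls -ld is portable: field 1 is the mode string, field 3 the owner.
    # Only the first 10 characters are mode bits (a trailing . or + may follow).
    mode=$(ls -ld "$file" | awk '{print substr($1, 1, 10)}')
    owner=$(ls -ld "$file" | awk '{print $3}')

    # Characters 5-10 are the group and other bits; a keytab or cache should
    # grant nothing there (e.g. -rw-------).
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "LOOSE_MODE $file $mode"
        rc=1
    fi

    # Mode 0600 only protects the file from accounts other than its owner
    # (and root), so the owner must be the service account that needs it.
    if [ "$owner" != "$want_owner" ]; then
        echo "WRONG_OWNER $file owner=$owner expected=$want_owner"
        rc=1
    fi

    # A world-writable parent such as /tmp lets every local user see the file
    # name and create entries next to it, even when the file itself is 0600.
    dir=$(dirname "$file")
    dmode=$(ls -ld "$dir" | awk '{print substr($1, 1, 10)}')
    case $dmode in
        ????????w?) echo "SHARED_DIR $dir $dmode"; rc=1 ;;
    esac

    return $rc
}

# Run as: sh audit.sh /etc/nslcd.keytab root
#     or: sh audit.sh /path/to/ccache nslcd-user   (cache path is a placeholder)
if [ $# -eq 2 ]; then
    audit_krb_file "$1" "$2"
fi
```
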