[Samba] nslcd service - "Client not found in Kerberos database"

Quinn Plattel qiet72 at gmail.com
Thu Jul 12 02:41:56 MDT 2012


Hi,

I am trying to configure the nslcd service on an Ubuntu client for Kerberos
authentication against samba4.  My /etc/nslcd.conf contains the following:

uid nslcd
gid nslcd
uri ldapi:///cofil01.mydomain.net
base dc=mydomain,dc=net
sasl_mech GSSAPI
krb5_ccname FILE:/tmp/host.tkt

I have added the host principal "host/ubuntu-test.mydomain.net @
MYDOMAIN.NET" to /etc/krb5.keytab on both the samba4 server and the client
by using ktutil. I have confirmed that the principals exist on both
machines by using klist -ke /etc/krb5.keytab.
"hostname -f" gives me the fully qualified domain name for the client.

If I restart the nslcd service, I get the following error on the client:
 * Starting Keep alive Kerberos ticket k5start
k5start: error getting credentials: Client not found in Kerberos database

On the samba4 server side, in the /var/log/samba/log.samba file, I get the
following errors:
  Kerberos: AS-REQ host/ubuntu-test.mydomain.net @ MYDOMAIN.NET from ipv4:
10.45.1.55:34456 for krbtgt/MYDOMAIN.NET @ MYDOMAIN.NET
  Kerberos: UNKNOWN -- host/ubuntu-test.mydomain.net @ MYDOMAIN.NET: no
such entry found in hdb

It says "no such entry found in hdb". Does hdb refer to the
/etc/krb5.keytab principal database, or is it referring to a database that I
don't know about?

Note: I have put spaces around all "@" so the list does not interpret them
as e-mail addresses.


br,
Quinn
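
Added example, not part of the original post and not Samba project code: a small Python parser for the two KDC log line shapes quoted above, pairing each AS-REQ with the following UNKNOWN reply so that every unknown client principal is reported with the address that asked for it. The sample log is constructed from the lines in the post; the function and variable names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample modelled on the log lines quoted in the post (rejoined
# onto single lines). The third and fourth lines keep the post's spaces
# around "@"; the last line is a constructed request with no UNKNOWN reply.
SAMPLE_LOG = """\
Kerberos: AS-REQ host/ubuntu-test.mydomain.net@MYDOMAIN.NET from ipv4:10.45.1.55:34456 for krbtgt/MYDOMAIN.NET@MYDOMAIN.NET
Kerberos: UNKNOWN -- host/ubuntu-test.mydomain.net@MYDOMAIN.NET: no such entry found in hdb
Kerberos: AS-REQ host/ubuntu-test.mydomain.net @ MYDOMAIN.NET from ipv4:10.45.1.55:34460 for krbtgt/MYDOMAIN.NET @ MYDOMAIN.NET
Kerberos: UNKNOWN -- host/ubuntu-test.mydomain.net @ MYDOMAIN.NET: no such entry found in hdb
Kerberos: AS-REQ alice@MYDOMAIN.NET from ipv4:10.45.1.60:40112 for krbtgt/MYDOMAIN.NET@MYDOMAIN.NET
"""

AS_REQ = re.compile(
    r"Kerberos: AS-REQ (?P<client>.+?) from ipv[46]:\s*(?P<addr>.+):(?P<port>\d+) for (?P<svc>.+)$"
)
UNKNOWN = re.compile(
    r"Kerberos: UNKNOWN -- (?P<client>.+?): no such entry found in hdb"
)


def norm(principal):
    """Collapse 'name @ REALM' (as written in the post) to 'name@REALM'."""
    return re.sub(r"\s*@\s*", "@", principal.strip())


def unknown_clients(log_text):
    """Return {(principal, source_addr): count} for AS-REQs answered UNKNOWN."""
    pending = {}      # principal -> source of its latest unanswered AS-REQ
    hits = Counter()
    for line in log_text.splitlines():
        m = AS_REQ.search(line)
        if m:
            pending[norm(m["client"])] = m["addr"]
            continue
        m = UNKNOWN.search(line)
        if m:
            client = norm(m["client"])
            # An UNKNOWN line with no preceding AS-REQ keeps a placeholder source.
            hits[(client, pending.pop(client, "unknown-source"))] += 1
    return dict(hits)


if __name__ == "__main__":
    for (client, addr), count in unknown_clients(SAMPLE_LOG).items():
        print(f"{count}x {client} from {addr}")
```

To run it against a real log, pass the contents of /var/log/samba/log.samba to unknown_clients() instead of SAMPLE_LOG.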

