[Samba] nslcd service - "Client not found in Kerberos database"
qiet72 at gmail.com
Thu Jul 12 12:30:35 MDT 2012
Thanks for the info - that helps a lot!
I can see that the /etc/init.d/nslcd script in Ubuntu needs modifying in
order for k5start to work. It uses -u to specify an alternate principal
which you don't use in your example.
The script uses "host/client.example.com" as an alternate principal - can
you not use that principal format instead of just a user name?
On Thu, Jul 12, 2012 at 3:08 PM, steve <steve at steve-ss.com> wrote:
> On 12/07/12 10:41, Quinn Plattel wrote:
>> I am trying to configure the nslcd service on an Ubuntu client for
>> authentication against samba4. My /etc/nslcd.conf contains the following:
>> uid nslcd
>> gid nslcd
>> uri ldapi:///cofil01.mydomain.net
>> base dc=mydomain,dc=net
>> sasl_mech GSSAPI
>> krb5_ccname FILE:/tmp/host.tkt
> Hi Quinn
> It can't authenticate because it doesn't know which principal to use.
> 1. Include the realm after the GSSAPI line:
> sasl_realm MYDOMAIN.NET
> 2. Create an AD user, e.g. nslcd-service:
> samba-tool user add nslcd-service
> 3. Extract the keytab:
> samba-tool domain exportkeytab /etc/nslcd.keytab --principal=nslcd-service
> 4. Edit /etc/default/nslcd to contain: K5START_START="no"
> 5. Start the service:
> k5start -f /etc/nslcd.keytab -U -o nslcd -K 540 -k /tmp/host.tkt &
> service nslcd start
> That's it.
Best regards/Med venlig hilsen,
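
Editor's added example (not part of either poster's message, and not code from the Samba or nslcd projects): a small lint for the GSSAPI settings discussed in this thread. It checks that `sasl_mech` is GSSAPI, that `sasl_realm` is set, and that `krb5_ccname` points at the same cache file k5start is told to maintain with `-k`. The function names are hypothetical, the sample file is reconstructed from the configuration quoted above, and the check assumes a `FILE:` prefix on `krb5_ccname` names the same path as the plain path given to `-k`.

```shell
#!/bin/sh
# conf_value FILE KEY: print the last value set for KEY ("key value" per line).
conf_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# check_nslcd_gssapi FILE CCACHE: print one line per problem found and
# return the number of problems (0 means the settings are consistent).
check_nslcd_gssapi() {
    conf=$1; want_cc=$2; problems=0
    mech=$(conf_value "$conf" sasl_mech)
    realm=$(conf_value "$conf" sasl_realm)
    cc=$(conf_value "$conf" krb5_ccname)
    if [ "$mech" != "GSSAPI" ]; then
        echo "sasl_mech is '$mech', expected GSSAPI"
        problems=$((problems + 1))
    fi
    if [ -z "$realm" ]; then
        echo "sasl_realm is not set"
        problems=$((problems + 1))
    fi
    # Assumption: FILE:/path in nslcd.conf and /path given to k5start -k are the same cache.
    if [ "${cc#FILE:}" != "$want_cc" ]; then
        echo "krb5_ccname '$cc' does not match k5start cache '$want_cc'"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# write_sample_conf FILE: the configuration from the original question
# (reconstructed sample input, before sasl_realm was added).
write_sample_conf() {
    cat > "$1" <<'EOF'
uid nslcd
gid nslcd
uri ldapi:///cofil01.mydomain.net
base dc=mydomain,dc=net
sasl_mech GSSAPI
krb5_ccname FILE:/tmp/host.tkt
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
check_nslcd_gssapi "$sample" /tmp/host.tkt || echo "problems found: $?"
rm -f "$sample"
```

On a real client, pass `/etc/nslcd.conf` and the path given to `k5start -k`.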