[Samba] Understanding kerberos principals in samba4
steve at steve-ss.com
Mon Jul 16 04:59:28 MDT 2012
On 16/07/12 12:10, Quinn Plattel wrote:
> Thanks for the info. I am now trying two ways to get, for example, the
> nslcd service to work with samba4 kerberos.
The host principals are already there so I can't see why you are trying
to recreate them. Don't use the host key. Use a separate key to unlock
the nslcd service so that it cann access the Samba 4 LDAP.
The problem with nslcd in Ubuntu is k5start. The configuration file is
located In /etc/default/nslcd which prevents it using a Samba4
principal. With Samba4, nslcd triggeres k5start and it has no key to
Set k5start to "No" and start it manually yourself with a keytab you
have extracted for your nslcd-service. If you do not, you will have to
manually restart nslcd every 10 hours anyway.
More information about the samba