[Samba] Understanding kerberos principals in samba4

steve steve at steve-ss.com
Mon Jul 16 04:59:28 MDT 2012

On 16/07/12 12:10, Quinn Plattel wrote:
> Hi,
> Thanks for the info.  I am now trying two ways to get, for example, the
> nslcd service to work with samba4 kerberos.

The host principals are already there so I can't see why you are trying 
to recreate them. Don't use the host key. Use a separate key to unlock 
the nslcd service so that it can access the Samba 4 LDAP.

The problem with nslcd in Ubuntu is k5start. The configuration file is 
located in /etc/default/nslcd which prevents it using a Samba4 
principal.  With Samba4, nslcd triggers k5start and it has no key to 

Set k5start to "No" and start it manually yourself with a keytab you 
have extracted for your nslcd-service. If you do not, you will have to 
manually restart nslcd every 10 hours anyway.

