[Samba] nslcd service - "Client not found in Kerberos database"

steve steve at steve-ss.com
Mon Jul 16 08:35:52 MDT 2012

On 16/07/12 15:18, Quinn Plattel wrote:
> Steve,
> An alternate workaround to steps 3,4,5 is to do the following:
> 3: samba-tool domain exportkeytab /etc/krb5.keytab --principal=nslcd-service
> 4: edit /etc/default/nslcd and add the line:
> K5START_PRINCIPAL="nslcd-service"
> 5: start nslcd with "service nslcd start"

Thanks. That's a nice method.

We prefer the separate keytab as it helps readability. With everything 
in /etc/krb5.conf it can get difficult to debug later on.

BTW, there is a newer nslcd/pam/ldapd available which screams:
and an ubuntu package of it:


More information about the samba mailing list