[Samba] DC with external LDAP

s mark marksp at indamail.hu
Wed Nov 21 04:27:52 MST 2012


Is there a way to use an external LDAP server with Samba4 (e.g. OpenLDAP) to authenticate users, or alternatively to sync Samba's internal LDAP with other services like Radius?
My goal is to enter all user credentials into either an external or the Samba4 internal LDAP and make Samba, Radius, etc. use it for authentication / as a master when synchronizing user data.

I already tried:
1. http://techminded.net/blog/install-samba-pdc--ldap-on-debian-squeeze.html (server: Debian 6.05) --> worked with XP clients, but Win7 clients couldn't join the domain.
2. https://wiki.samba.org/index.php/Samba4/HOWTO (server: RHEL 6.3) --> works fine with all clients, but I can't communicate with the internal LDAP; I get this error message when I try a simple ldapsearch:

ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Ticket expired)

I googled around a lot, but haven't found any working solutions yet. Do you know of any answer to this problem? Or can you advise an alternative solution?

Thanks in advance,
