[Samba] DC with external LDAP

Andrew Bartlett abartlet at samba.org
Wed Nov 21 14:35:08 MST 2012

On Wed, 2012-11-21 at 12:27 +0100, s mark wrote:
> Hi!
> Is there a way to use an external LDAP server with Samba4 (e.g. openldap) to authenticate users or
> alternatively to sync Samba's internal LDAP with other services like Radius?
> My goal is to enter all user credentials to either an external or Samba4 internal LDAP and make Samba, Radius, etc. use it for authentication / as a master when synchronizing user data.
> I already tried:
> 1. http://techminded.net/blog/install-samba-pdc--ldap-on-debian-squeeze.html (server: Debian 6.05) --> worked with XP clients, but Win7 clients couldn't join the domain.
> 2. https://wiki.samba.org/index.php/Samba4/HOWTO (server: RHEL 6.3) --> works fine with all clients, but I can't communicate with internal LDAP, I get this error message when I try a simple ldapsearch:
> ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Ticket expired)

Could it just be, as the message suggests, that your local Kerberos
ticket is expired?  Either bind using a simple bind or kinit to refresh
your ticket cache.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
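
The two options from the reply above, as an added shell example that is not part of the original thread: check the ticket cache and run kinit before a GSSAPI bind, or use a simple bind instead. The principal, DC host name, base DN and bind DN are placeholder assumptions, and -ZZ assumes the client trusts the DC's TLS certificate.

```shell
#!/bin/sh
# Added example, not from the original thread. All values below are placeholders.
PRINCIPAL="${PRINCIPAL:-administrator@SAMDOM.EXAMPLE.COM}"   # assumed realm
LDAP_URI="${LDAP_URI:-ldap://dc1.samdom.example.com}"        # assumed DC host
BASE_DN="${BASE_DN:-DC=samdom,DC=example,DC=com}"            # assumed base DN
BIND_DN="${BIND_DN:-CN=Administrator,CN=Users,$BASE_DN}"     # assumed bind DN

# klist -s prints nothing and exits non-zero when the credential cache
# is missing, unreadable or expired.
have_valid_ticket() {
    klist -s 2>/dev/null
}

# Run kinit only when the cache has no usable ticket.
ensure_ticket() {
    have_valid_ticket && return 0
    echo "No valid Kerberos ticket, running kinit for $PRINCIPAL" >&2
    kinit "$PRINCIPAL"
}

# GSSAPI (Kerberos) bind. If the bind still fails with "Ticket expired",
# refresh the ticket once and retry. Extra arguments go to ldapsearch.
gssapi_search() {
    ensure_ticket || return 1
    rc=0
    out=$(ldapsearch -Q -Y GSSAPI -H "$LDAP_URI" -b "$BASE_DN" "$@" 2>&1) || rc=$?
    case "$out" in
        *"Ticket expired"*)
            kinit "$PRINCIPAL" || return 1
            rc=0
            out=$(ldapsearch -Q -Y GSSAPI -H "$LDAP_URI" -b "$BASE_DN" "$@" 2>&1) || rc=$?
            ;;
    esac
    printf '%s\n' "$out"
    return "$rc"
}

# Simple bind alternative: no Kerberos involved. -ZZ requires StartTLS so the
# password (prompted for by -W) is not sent in clear text.
simple_search() {
    ldapsearch -x -ZZ -H "$LDAP_URI" -D "$BIND_DN" -W -b "$BASE_DN" "$@"
}
```

Source the file, then call for example gssapi_search "(sAMAccountName=Administrator)" or simple_search with the same filter.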
