[Samba] nslcd / pam_ldap HowTo

steve steve at steve-ss.com
Thu Aug 29 04:31:03 MDT 2013


On Thu, 2013-08-29 at 01:41 +0200, Marc Muehlfeld wrote:

> https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
>
> @All: Please give some feedback. Thanks.

Hi
The first 4 bullets of 'Method 2' are unnecessary. Why don't we use what
we already have? How about this instead?

1. For a client joined to the domain, please skip to (3) below.
2. On the DC:
   Extract the machine key:
     samba-tool domain exportkeytab /etc/krb5.keytab --principal=DC1$
3. Get tickets and create the cache:
     k5start -f /etc/krb5.keytab -U -o nslcd -K 60 -b -k /tmp/nslcd.tkt

- Switch bullets 6 and 7: edit /etc/nsswitch.conf _before_ you start
nslcd.

It's unfortunate we still have to cater for the old versions too. The
extra mappings slow things down considerably for large domains,
especially as enumeration is enabled.
HTH
Steve



