[Samba] nslcd / pam_ldap HowTo

steve steve at steve-ss.com
Thu Aug 29 04:31:03 MDT 2013

On Thu, 2013-08-29 at 01:41 +0200, Marc Muehlfeld wrote:

> https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
> @All: Please give some feedback. Thanks.

The first 4 bullets of 'Method 2' are unnecessary. Why don't we use what
we already have? How about this instead?

1. For a client joined to the domain, please skip to (3) below.
2. On the DC:
   Extract the machine key:
     samba-tool domain exportkeytab /etc/krb5.keytab --principal=DC1$
3. Get tickets and create the cache:
     k5start -f /etc/krb5.keytab -U -o nslcd -K 60 -b -k /tmp/nslcd.tkt

- Switch bullets 6 and 7: edit /etc/nsswitch.conf _before_ you start

It's unfortunate we still have to cater for the old versions too. The
extra mappings slow things down considerably for large domains
especially as enumeration is enabled.
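
An added example, not part of the post above or of the Samba wiki: a small audit of the two files the steps leave on disk, the exported keytab and the ticket cache that `k5start -o nslcd` hands to the nslcd user. It assumes GNU coreutils `stat`, a root-owned keytab, and that neither file should be readable by group or other; the function names are made up for this sketch.

```sh
#!/bin/sh
# Added example: audit the Kerberos secrets used in the steps above.
# Assumption: GNU coreutils stat(1), which provides the -c format option.

# check_secret_file PATH EXPECTED_UID
# Returns 0 only if PATH is a regular file (not a symlink), is owned by
# EXPECTED_UID, and has no group/other permission bits set.
check_secret_file() {
    path=$1
    want_uid=$2
    if [ -L "$path" ]; then
        echo "FAIL $path: is a symlink"; return 1
    fi
    if [ ! -f "$path" ]; then
        echo "FAIL $path: missing or not a regular file"; return 1
    fi
    uid=$(stat -c '%u' -- "$path") || return 1
    mode=$(stat -c '%a' -- "$path") || return 1
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $path: owner uid $uid, expected $want_uid"; return 1
    fi
    # Interpret the mode as octal and mask the group/other bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL $path: mode $mode is accessible to group/other"; return 1
    fi
    echo "OK   $path (uid $uid, mode $mode)"
}

# Checks the two paths named in the post: the keytab (assumed root-owned)
# and the cache that k5start's "-o nslcd" assigns to the nslcd user.
audit_nslcd_kerberos() {
    rc=0
    check_secret_file /etc/krb5.keytab 0 || rc=1
    nslcd_uid=$(id -u nslcd 2>/dev/null) || { echo "FAIL no nslcd user"; return 1; }
    check_secret_file /tmp/nslcd.tkt "$nslcd_uid" || rc=1
    return $rc
}

# Run the audit only when asked, so the functions can also be sourced.
[ "${1:-}" != "--audit" ] || audit_nslcd_kerberos
```

Run it as root with `--audit` once k5start is running; a non-zero exit status means at least one of the two files failed a check.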
