[Samba] objectClass:posixAccount missing

Luca Olivetti luca at wetron.es
Thu Aug 29 12:17:46 MDT 2013


On 29/08/13 12:06, steve wrote:

> We have sssd covered here:
> http://linuxcostablanca.blogspot.com.es/2013/04/sssd-in-samba-40.html

Well, that doesn't seem to be complete (at least to a kerberos newbie
like me).

For example, it's missing the step to create /etc/krb5.keytab
I used

/usr/local/samba/bin/samba-tool domain exportkeytab /etc/krb5.keytab --principal=HP$

but then sssd complains that

[[sssd[ldap_child[2300]]]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [HP$@WETRON.ES]
[[sssd[ldap_child[2300]]]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [/etc/krb5.keytab]
[[sssd[ldap_child[2300]]]] [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
[[sssd[ldap_child[2300]]]] [prepare_response] (0x0400): Building response for result [0]
[[sssd[ldap_child[2300]]]] [main] (0x0400): ldap_child completed successfully
[sssd[be[default]]] [read_pipe_handler] (0x0400): EOF received, client finished
[sssd[be[default]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_WETRON.ES], expired on [1377842615]
[sssd[be[default]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
[sssd[be[default]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: HP$
[sssd[be[default]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]
[sssd[be[default]]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)]


BTW, installing sssd from rpm (mageia 3, which provides 1.9.4) causes
locally built samba to not start anymore (since there is some
conflicting library and samba will use the "bad" library in /usr/lib64
instead of the one under /usr/local/samba), so, in my specific case, I
cannot really say 'you'll not believe how simple this is' ;-)

nslcd seems simpler (at least I got it working)


Bye
-- 
Luca Olivetti
Wetron Automation Technology http://www.wetron.es
Tel. +34 935883004  Fax +34 935883007
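
Added example (not part of the message above, and not Samba or sssd code): a small Python triage of the sssd debug output quoted in the message. It rejoins hard-wrapped log lines and shows that a credential cache was written from the keytab, so the GSSAPI failure happens at the later step where a ticket for the LDAP server is requested. The names FIELDS, parse_records and triage are made up for this example, and SAMPLE is an excerpt of the quoted log.

```python
import re

# sssd debug line layout: "[process] [function] (0xLEVEL): message"
HEADER = re.compile(r"^(\S+) \[(\w+)\] \((0x[0-9a-fA-F]{4})\): (.*)$")
# Values to pull out of the messages, keyed by result name
FIELDS = {
    "principal": r"Principal name is: \[(.+?)\]",
    "ccache": r"Child responded: 0 \[(.+?)\]",
    "bind_error": r"ldap_sasl_bind failed \((-?\d+)\)",
    "minor": r"Minor code may provide more information \((.+?)\)\]$",
}

# Excerpt of the log quoted in the message, hard-wrapped as a mail client would
SAMPLE = """\
[[sssd[ldap_child[2300]]]] [ldap_child_get_tgt_sync] (0x0100): Principal
name is: [HP$@WETRON.ES]
[sssd[be[default]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0
[FILE:/var/lib/sss/db/ccache_WETRON.ES], expired on [1377842615]
[sssd[be[default]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed
(-2)[Local error]
[sssd[be[default]]] [sasl_bind_send] (0x0080): Extended failure message:
[SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.
Minor code may provide more information (Server not found in Kerberos
database)]
"""

def parse_records(text):
    """Rejoin wrapped lines and return (function, level, message) tuples."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            records.append([m.group(2), int(m.group(3), 16), m.group(4)])
        elif records and raw.strip():
            records[-1][2] += " " + raw.strip()  # continuation of the previous record
    return [tuple(r) for r in records]

def triage(text):
    """Extract the fields above and name the GSSAPI step that failed."""
    found = {}
    for _func, _level, msg in parse_records(text):
        for name, pattern in FIELDS.items():
            m = re.search(pattern, msg)
            if m:
                found[name] = m.group(1)
    # A ccache means the keytab produced a TGT, so a later bind failure is the service ticket
    stage = "service-ticket" if "ccache" in found else "tgt"
    found["stage"] = stage if "bind_error" in found else "ok"
    return found
```

Calling triage(SAMPLE) returns the principal, the ccache path, the bind error code, the Kerberos minor message and the failing stage as a dict.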

