[Samba] objectClass:posixAccount missing
steve
steve at steve-ss.com
Fri Aug 30 02:11:21 MDT 2013
On Fri, 2013-08-30 at 00:34 +0200, Luca Olivetti wrote:
> Al 29/08/13 21:54, En/na Rowland Penny ha escrit:
>
> >> Yes, I was trying sssd, but I forgot that I switched back nsswitch.conf
> >> to ldap, so I thought your suggestion was working while it actually
> >> wasn't (same error with Administrator as with HP$).
> >>
> >> Bye
> > Hi, I am replying to you on list, could you please post your sssd.conf
> > and what version of sssd you are using, also what is your OS
>
> OK, now I got sssd working *but* without kerberos.
Hi
I'm not sure what you want. Is this now EOT or do you want to go on and
debug to get gssapi?
If you wish to go on:
samba-tool domain exportkeytab /etc/krb5.sssd.keytab
--principal=nslcd-connect
(You may already have this from your nslcd config)
Kill all nslcd processes.
ldap_sasl_mech = gssapi
ldap_sasl_authid = nslcd-connect
ldap_krb5_keytab = /etc/krb5.sssd.keytab
To get full benefit from sssd I'd recommend the latest version which has
a proper AD backend. e.g. sssd version 1.11.1 gives you id and getent
without requiring the posixAccount objectClass.
1.11.1 is available here:
https://fedorahosted.org/released/sssd/sssd-1.11.0.tar.gz
Salu2 y suerte,
Steve
More information about the samba
mailing list