[Samba] objectClass:posixAccount missing

Fri Aug 30 11:21:01 MDT 2013

Al 30/08/13 18:54, En/na steve ha escrit:

> Bueno, a ver:
> We can say for certain that /etc/krb5.keytab contains the key for
> nslcd-connect
> make sure you have:
> 
> ldap_sasl_mech = gssapi
> ldap_sasl_authid = nslcd-connect at WETRON.ES
> ldap_krb5_keytab = /etc/krb5.keytab
> 
> (note, I think you had a different keytab in an older post. Lose it.)

Done

> 
> Next, can you resolve the kerberos SRV record:
> host -t SRV _kerberos._udp.dc1.wetron.es.

It doesn't resolve, but _kerberos._udp.wetron.es. does

_kerberos._udp.wetron.es has SRV record 0 100 88 hp.wetron.es.

> 
> What do you have for /etc/krb5.conf

[libdefaults]
        default_realm = WETRON.ES
        dns_lookup_realm = true
        dns_lookup_kdc = true

[realms]
 WETRON.ES = {
  kdc = 192.168.4.101
  admin_server = 192.168.4.101
 }

> 
> What does:
> sssd --version 
> give?

1.9.4

In case it matters, sasl is 2.1.25, and I have the relevant plugins
installed:

# rpm -qa *sasl*
lib64sasl2-plug-sasldb-2.1.25-12.mga3
lib64sasl2-2.1.25-12.mga3
cyrus-sasl-2.1.25-12.mga3
lib64sasl2-plug-login-2.1.25-12.mga3
lib64sasl2-plug-plain-2.1.25-12.mga3
lib64sasl2-plug-ldapdb-2.1.25-12.mga3
lib64sasl2-plug-gssapi-2.1.25-12.mga3
lib64sasl2-devel-2.1.25-12.mga3

Bye
-- 
Luca Olivetti
Wetron Automation Technology http://www.wetron.es
Tel. +34 935883004  Fax +34 935883007