[Samba] Cannot bind to AD using nslcd

Rob Mason rob.mason at acasta.co.uk
Wed Nov 19 09:58:11 MST 2014


On 19/11/2014 16:51, Rowland Penny wrote:
> On 19/11/14 16:42, Rob Mason wrote:
>> <--snip-->
>>
>> OK, can you confirm that you are using samba 4.1.11 from backports,
>> you have
>> created the user 'nslcd-connect' in AD and you are trying to ssh into
>> the AD
>> DC .
>>
>> Rowland
>>
>> ------------------
>>
>> Thanks again!
>>
>> Yes - in this order:-
>>
>> # apt-get install -t wheezy-backports samba smbclient krb5-config
>> krb5-user
>> # samba-tool domain provision --use-rfc2307 --interactive
>> # ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf
>>
>> Tested OK using:
>>
>> # host -t SRV _ldap._tcp.acasta.intra.
>> # host -t SRV _kerberos._udp. acasta.intra.
>> # host -t A kepler. acasta.intra.
>> # kinit administrator at ACASTA.INTRA
>> # klist
>>
>> I am trying to ssh into my AD-DC box using a domain account (as a
>> starter!)
>>
>>
> OK, in which case why don't you just use winbind ? it works for me,
> exactly the same configuration as you, or do want to do something else
> and if so what ?
>
> Rowland
>

Hi Rowland - it's probably my misunderstanding, but basically, I'm
aiming to authenticate all network services (smtp, imap, file and print)
to the AD in order to take advantage of a single domain account per
user.   I achieved all of this under samba3 using 'unix password sync'.






More information about the samba mailing list