[Samba] Cannot bind to AD using nslcd

Min Wai Chan dcmwai at gmail.com
Wed Nov 19 10:07:01 MST 2014


Hi Rob,

What is not working now...

once using AD DC you cannot think of unix password sync anymore..

When using unix password sync, there are a local account and password.

But in AD DC + Nslcd...

We need the help from Pam or Native LDAP/AD

So the program you use must use pam authentication or LDAP/AD




On Thu, Nov 20, 2014 at 12:58 AM, Rob Mason <rob.mason at acasta.co.uk> wrote:

> On 19/11/2014 16:51, Rowland Penny wrote:
> > On 19/11/14 16:42, Rob Mason wrote:
> >> <--snip-->
> >>
> >> OK, can you confirm that you are using samba 4.1.11 from backports,
> >> you have
> >> created the user 'nslcd-connect' in AD and you are trying to ssh into
> >> the AD
> >> DC .
> >>
> >> Rowland
> >>
> >> ------------------
> >>
> >> Thanks again!
> >>
> >> Yes - in this order:-
> >>
> >> # apt-get install -t wheezy-backports samba smbclient krb5-config
> >> krb5-user
> >> # samba-tool domain provision --use-rfc2307 --interactive
> >> # ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf
> >>
> >> Tested OK using:
> >>
> >> # host -t SRV _ldap._tcp.acasta.intra.
> >> # host -t SRV _kerberos._udp. acasta.intra.
> >> # host -t A kepler. acasta.intra.
> >> # kinit administrator at ACASTA.INTRA
> >> # klist
> >>
> >> I am trying to ssh into my AD-DC box using a domain account (as a
> >> starter!)
> >>
> >>
> > OK, in which case why don't you just use winbind ? it works for me,
> > exactly the same configuration as you, or do want to do something else
> > and if so what ?
> >
> > Rowland
> >
>
> Hi Rowland - it's probably my misunderstanding, but basically, I'm
> aiming to authenticate all network services (smtp, imap, file and print)
> to the AD in order to take advantage of a single domain account per
> user.   I achieved all of this under samba3 using 'unix password sync'.
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list