[Samba] Kerberos authentication issue after upgrading from 4-14-stable to 4-15-stable
L.P.H. van Belle
belle at bazuin.nl
Thu Jan 27 14:53:21 UTC 2022
Ok, last thing i could find.
https://samba.samba.narkive.com/fug9sqxD/4-and-gssapi-kerberos-ldap-connect#post2
Its a 10y old post but read it, i think it might help you find the source of your problem.
That link gives back some old memories here, as wil for Rowland.. ;-)
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: Alex [mailto:samba at abisoft.biz]
> Verzonden: donderdag 27 januari 2022 15:03
> Aan: L.P.H. van Belle via samba; L.P.H. van Belle
> Onderwerp: Re: [Samba] Kerberos authentication issue after
> upgrading from 4-14-stable to 4-15-stable
>
> >> Any ideas why?
> > No, sorry, thats one i dont know, except that k5start might
> look in a different place which does not exist.
>
> I checked that - it does read the file I specified.
>
> >> The reason to use k5start is b/c some progs can't work with
> >> keytab file directly. For example, nslcd.
>
> > Aha.. But wait, if samba is already handle-ing it.
> > Why not this way..
>
> > (example for kerberos auth in squid )
> > kinit Administrator
>
> > export KRB5_KTNAME=FILE:/etc/squid/HTTP-$(hostname -s).keytab
>
> > net ads_update keytab ADD HTTP/$(hostname -f)
>
> > chmod 640 krb5-squid-HTTP-$(hostname -s).keytab
>
> > chown root:proxy krb5-squid-HTTP-$(hostname -s).keytab
>
> > Adjust it to you needs for nlscd but it shows how todo it.
> > I think what will work also.
>
> B/c (as I said) nslcd is not able to work thru a keytab file.
> It only supports ready-to-use TGT:
> sasl_mech GSSAPI
> krb5_ccname /tmp/krb5cc_nslcd
>
>
> --
> Best regards,
> Alex
>
>
More information about the samba
mailing list