[Samba] Kerberos authentication issue after upgrading from 4-14-stable to 4-15-stable
Alex
samba at abisoft.biz
Fri Jan 28 15:06:08 UTC 2022
Rowland,
> Ok, I have updated https://wiki.samba.org/index.php/Nslcd
On CentOS there's no /etc/default/nslcd config that promotes k5start daemon to start. So I created this systemd service:
[root at vm-corp system]# cat /etc/systemd/system/k5start at .service
[Unit]
Description=Service User Kerberos Auth (Keytab)
After=dbus.service
After=network.target
After=NetworkManager.service
[Service]
Environment="KEYTAB=/usr/local/etc/padl.keytab"
Type=forking
ExecStart=/usr/bin/k5start -f ${KEYTAB} -b -a -K 120 -L -l 1d -k /tmp/krb5cc_%i -U -o %i -p /var/run/k5start_%i.pid
ExecStop=/usr/bin/kill $(/usr/bin/cat /var/run/k5start_%i.pid)
[Install]
WantedBy=multi-user.target
Now I can run as many instances of k5start as needed for each service separately, like:
systemctl start k5start at nslcd.service
systemctl start k5start at apache.service
and have the following TGT caches:
# ls -al /tmp/krb5cc_*
-rw------- 1 apache apache 1302 Jan 28 16:14 /tmp/krb5cc_apache
-rw------- 1 nslcd ldap 2622 Jan 28 16:34 /tmp/krb5cc_nslcd
Feel free to add it to the wiki
--
Best regards,
Alex
More information about the samba
mailing list