[Samba] Kerberos authentication issue after upgrading from 4-14-stable to 4-15-stable
Alex
samba at abisoft.biz
Mon Jan 31 14:30:45 UTC 2022
>> > Try reading this:
>> > https://wiki.samba.org/index.php/Nslcd
>>
>> I did read it.
> Please read it again.
OK..
>> [root at testad etc]# klist -k /etc/krb5.keytab -e
>> Keytab name: FILE:/etc/krb5.keytab
>> KVNO Principal
>> ---- ----------------------------------------------------------------
>> ----------
>> 1 host/testad.abisoft.biz at ABISOFT.BIZ (des-cbc-crc)
> As you can see, 'host/fqdn' is in the standard keytab
Exactly. It was auto-created when testad VM has joined the AD.
>> [root at testad ~]# /usr/bin/k5start -f /etc/krb5.keytab -l 1d -o nslcd
>> -U -k ./krb5cc_test
> Please stop doing that, I have never run that command and nslcd works
> for myself, mind you I do not use the hosts ticket
Why?? nslcd in Centos does not have /etc/default/nslcd file with all that keytab stuff setup (which is perfectly outlined in your wiki article). So, I have to somehow generate a kerberos cache file which nslcd will be able to use.
> Let me try and break my test setup by trying to use the host ticket.
Thanks!
--
Best regards,
Alex
More information about the samba
mailing list