[Samba] Kerberos authentication issue after upgrading from 4-14-stable to 4-15-stable
Rowland Penny
rpenny at samba.org
Mon Jan 31 14:35:11 UTC 2022
On Mon, 2022-01-31 at 17:30 +0300, Alex wrote:
> > > > Try reading this:
> > > > https://wiki.samba.org/index.php/Nslcd
> > >
> > > I did read it.
> > Please read it again.
>
> OK..
>
> > > [root at testad etc]# klist -k /etc/krb5.keytab -e
> > > Keytab name: FILE:/etc/krb5.keytab
> > > KVNO Principal
> > > ---- ------------------------------------------------------------
> > > ----
> > > ----------
> > > 1 host/testad.abisoft.biz at ABISOFT.BIZ (des-cbc-crc)
> > As you can see, 'host/fqdn' is in the standard keytab
>
> Exactly. It was auto-created when testad VM has joined the AD.
>
> > > [root at testad ~]# /usr/bin/k5start -f /etc/krb5.keytab -l 1d -o
> > > nslcd
> > > -U -k ./krb5cc_test
> > Please stop doing that, I have never run that command and nslcd
> > works
> > for myself, mind you I do not use the hosts ticket
>
> Why?? nslcd in Centos does not have /etc/default/nslcd file with all
> that keytab stuff setup (which is perfectly outlined in your wiki
> article). So, I have to somehow generate a kerberos cache file which
> nslcd will be able to use.
Doesn't Centos have something similar in /etc/sysconfig ?
>
> > Let me try and break my test setup by trying to use the host
> > ticket.
OK, I have broken it, now to try and fix it.
Rowland
More information about the samba
mailing list