[Samba] samba + nslcd

Rowland Penny rpenny at samba.org
Mon Jan 23 13:30:17 UTC 2023

On 23/01/2023 12:46, basti via samba wrote:
> Hello,
> we have a Linux machine that needs the UIDs / GIDs from samba AD.
> So we set up nslcd like https://wiki.samba.org/index.php/Nslcd
> nslcd is run in debug mode and the error is as follows:
> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
> ldap_initialize(ldap://dc1.samdom.example.com/)
> nslcd: [8b4567] <passwd="testuser"> DEBUG: ldap_set_rebind_proc()
> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
> ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
> ldap_set_option(LDAP_OPT_DEREF,0)
> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
> ldap_set_option(LDAP_OPT_TIMELIMIT,0)
> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
> ldap_set_option(LDAP_OPT_TIMEOUT,0)
> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
> ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
> ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
> ldap_sasl_interactive_bind_s(NULL,"GSSAPI") 
> (uri="ldap://dc1.samdom.example.com/")
> nslcd: [8b4567] <passwd="testuser"> DEBUG: do_sasl_interact(): were 
> asked for sasl_authzid but we don't have any
> nslcd: [8b4567] <passwd="testuser"> failed to bind to LDAP server 
> ldap://dc1.samdom.example.com/: Local error: SASL(-1): generic failure: 
> GSSAPI Error:  Miscellaneous failure (see text) (get-principal 
> lstat(/tmp/nslcd.tkt)): No such file or directory
> nslcd: [8b4567] <passwd="testuser"> DEBUG: ldap_unbind()
> nslcd: [8b4567] <passwd="testuser"> no available LDAP server found, 
> sleeping 1 seconds
> The Linux machine is not a domain member and should not be one

Why not?

> and there
> is no samba stuff installed on this machine.
> Do I also need Kerberos here?

Yes, 'GSSAPI' and 'nslcd.txt' should have told you this.
Which means that you either need Samba or sssd, in which case you 
wouldn't need nslcd.

It has been some time since I set up nslcd, but I seem to remember that 
you could use a username and password, but that will mean storing them 
on a non-domain-joined computer.
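
As an added example (not part of the original thread), the shell function below audits an nslcd.conf for the two bind methods mentioned in the reply: GSSAPI, which needs the Kerberos ticket cache named by `krb5_ccname` to exist, and a simple bind, which stores `bindpw` on the machine. The function name and the wording of its findings are made up for illustration; the keywords it reads are standard nslcd.conf options.

```shell
# Added example (not from the thread). Audits an nslcd.conf for the two bind
# methods discussed above. Prints findings; returns 0 if clean, 1 if not.
audit_nslcd_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }

    # nslcd.conf lines are "keyword value"; the last occurrence is used here.
    opt() {
        awk -v k="$1" 'tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                       END { print v }' "$conf"
    }
    mech=$(opt sasl_mech | tr '[:lower:]' '[:upper:]')
    ccname=$(opt krb5_ccname)
    uri=$(opt uri)
    ssl=$(opt ssl)

    if [ "$mech" = "GSSAPI" ]; then
        cache=${ccname#FILE:}            # krb5_ccname may carry a FILE: prefix
        if [ -z "$cache" ]; then
            echo "WARN: sasl_mech GSSAPI without krb5_ccname"; rc=1
        elif [ ! -s "$cache" ]; then
            echo "FAIL: ticket cache $cache missing or empty; GSSAPI bind will fail"; rc=1
        else
            echo "OK: GSSAPI bind, ticket cache $cache present"
        fi
    fi

    if [ -n "$(opt bindpw)" ]; then
        echo "NOTE: simple bind, password stored in $conf"
        # A world-readable file exposes the AD account password to local users.
        case $(ls -ld "$conf") in
            ???????r*) echo "FAIL: $conf is world-readable"; rc=1 ;;
        esac
        # ldap:// without StartTLS sends the bind password in clear text.
        case "$uri" in
            ldaps://*) ;;
            *) [ "$ssl" = "start_tls" ] || {
                   echo "FAIL: bindpw sent without TLS (uri=$uri)"; rc=1; } ;;
        esac
    fi
    return $rc
}
```

Run it as `audit_nslcd_conf /etc/nslcd.conf`; the "missing or empty" finding corresponds to the `lstat(/tmp/nslcd.tkt)` failure in the debug output above.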

