[Samba] samba + nslcd
basti
mailinglist at unix-solution.de
Mon Jan 23 14:00:47 UTC 2023
FYI
nslcd works for me with username and password.
I will try sssd.
Thanks Rowland
On 23.01.23 14:30, Rowland Penny via samba wrote:
>
>
> On 23/01/2023 12:46, basti via samba wrote:
>> Hello,
>>
>> we have a Linux machine that need the UID's / GID's from samba AD.
>> So we setup nslcd like https://wiki.samba.org/index.php/Nslcd
>>
>> nslcd is run in debug mode and the error is as follow:
>>
>> nslcd: [8b4567] <passwd="testuser"> DEBUG:
>> ldap_initialize(ldap://dc1.samdom.example.com/)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG: ldap_set_rebind_proc()
>> nslcd: [8b4567] <passwd="testuser"> DEBUG:
>> ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG:
>> ldap_set_option(LDAP_OPT_DEREF,0)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG:
>> ldap_set_option(LDAP_OPT_TIMELIMIT,0)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG:
>> ldap_set_option(LDAP_OPT_TIMEOUT,0)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG:
>> ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG:
>> ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_OFF)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG:
>> ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG:
>> ldap_sasl_interactive_bind_s(NULL,"GSSAPI")
>> (uri="ldap://dc1.samdom.example.com/")
>> nslcd: [8b4567] <passwd="testuser"> DEBUG: do_sasl_interact(): were
>> asked for sasl_authzid but we don't have any
>> nslcd: [8b4567] <passwd="testuser"> failed to bind to LDAP server
>> ldap://dc1.samdom.example.com/: Local error: SASL(-1): generic
>> failure: GSSAPI Error: Miscellaneous failure (see text)
>> (get-principal lstat(/tmp/nslcd.tkt)): No such file or directory
>> nslcd: [8b4567] <passwd="testuser"> DEBUG: ldap_unbind()
>> nslcd: [8b4567] <passwd="testuser"> no available LDAP server found,
>> sleeping 1 seconds
>>
>> The linux machine is not a domain member and should not be one
>
> Why not ?
>
> and there
>> is no samba stuff installed on this machine.
>>
>> Do I also need Kerberos here?
>
> Yes, 'GSSAPI' and ''nslcd.txt' should have told you this.
> Which means that you either need Samba or sssd,in which case you
> wouldn't need nslcd.
>
> It has been sometime since I set up nslcd, but I seem to remember that
> you could use a username and password, but that will mean storing them
> on a non domain joined computer.
>
> Rowland
>
More information about the samba
mailing list