[Samba] samba + nslcd

basti mailinglist at unix-solution.de
Mon Jan 23 14:00:47 UTC 2023 

FYI
nslcd works for me with username and password.
I will try sssd.

Thanks Rowland

On 23.01.23 14:30, Rowland Penny via samba wrote:
> 
> 
> On 23/01/2023 12:46, basti via samba wrote:
>> Hello,
>>
>> we have a Linux machine that need the UID's / GID's from samba AD.
>> So we setup nslcd like https://wiki.samba.org/index.php/Nslcd
>>
>> nslcd is run in debug mode and the error is as follow:
>>
>> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
>> ldap_initialize(ldap://dc1.samdom.example.com/)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG: ldap_set_rebind_proc()
>> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
>> ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
>> ldap_set_option(LDAP_OPT_DEREF,0)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
>> ldap_set_option(LDAP_OPT_TIMELIMIT,0)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
>> ldap_set_option(LDAP_OPT_TIMEOUT,0)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
>> ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
>> ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_OFF)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
>> ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
>> nslcd: [8b4567] <passwd="testuser"> DEBUG: 
>> ldap_sasl_interactive_bind_s(NULL,"GSSAPI") 
>> (uri="ldap://dc1.samdom.example.com/")
>> nslcd: [8b4567] <passwd="testuser"> DEBUG: do_sasl_interact(): were 
>> asked for sasl_authzid but we don't have any
>> nslcd: [8b4567] <passwd="testuser"> failed to bind to LDAP server 
>> ldap://dc1.samdom.example.com/: Local error: SASL(-1): generic 
>> failure: GSSAPI Error:  Miscellaneous failure (see text) 
>> (get-principal lstat(/tmp/nslcd.tkt)): No such file or directory
>> nslcd: [8b4567] <passwd="testuser"> DEBUG: ldap_unbind()
>> nslcd: [8b4567] <passwd="testuser"> no available LDAP server found, 
>> sleeping 1 seconds
>>
>> The linux machine is not a domain member and should not be one 
> 
> Why not ?
> 
> and there
>> is no samba stuff installed on this machine.
>>
>> Do I also need Kerberos here?
> 
> Yes, 'GSSAPI' and ''nslcd.txt' should have told you this.
> Which means that you either need Samba or sssd,in which case you 
> wouldn't need nslcd.
> 
> It has been sometime since I set up nslcd, but I seem to remember that 
> you could use a username and password, but that will mean storing them 
> on a non domain joined computer.
> 
> Rowland
>

More information about the samba mailing list