On 29/12/11 10:00, steve wrote:
On 28/12/11 21:59, Bernd Markgraf wrote:
You should create a user in AD for nss-ldap and extract a keytab for it
(samba-tool domain exportkeytab --principal=....) and configure
nss-ldap
to use that keytab for authenticating. Most probably you aren't allowed
to bind anonymously to your AD server (you can try with ldapsearch -x)
LDAP works with an anonymous bind. You need the Kerberos keytab for
authentication though.
steve@hh3:~> ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <DC=hh3,DC=site> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 1 Operations error
text: 00002020: Operation unavailable without authentication
# numResponses: 1
I found this usage:
samba-tool export keytab PATH_TO_KEYTAB
How can I find my PATH_TO_KEYTAB
?
Thanks
Can't get the syntax right:
samba-tool domain exportkeytab /var/lib/named/master --principal
Usage: samba-tool domain exportkeytab <keytab> [options]
samba-tool domain exportkeytab: error: --principal option requires an
argument
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
