On 29/12/11 11:58, Gémes Géza wrote:
On 2011-12-29 10:11, steve wrote:
On 29/12/11 10:00, steve wrote:
On 28/12/11 21:59, Bernd Markgraf wrote:
You should create a user in AD for nss-ldap and extract a keytab for it
(samba-tool domain exportkeytab --principal=....) and configure nss-ldap
to use that keytab for authenticating. Most probably you aren't allowed
to bind anonymously to your AD server (you can try with ldapsearch -x).
LDAP works with an anonymous bind. You need the Kerberos keytab for
authentication though.

steve@hh3:~>  ldapsearch -x
# extended LDIF
#
# LDAPv3
# base<DC=hh3,DC=site>  (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 1 Operations error
text: 00002020: Operation unavailable without authentication

# numResponses: 1



I found this usage:

samba-tool export keytab PATH_TO_KEYTAB

How can I find my PATH_TO_KEYTAB?
Thanks
Can't get the syntax right:

  samba-tool domain exportkeytab  /var/lib/named/master --principal

Usage: samba-tool domain exportkeytab<keytab>  [options]

samba-tool domain exportkeytab: error: --principal option requires an
argument

samba-tool domain exportkeytab /path/to/the/keytab/file/you/want/to/create/or/update --principal=the_name(samAccountName_or_spn_created_with_samba-tool_spn)_of_the_principal_you_want_to_extract

Regards

Geza
Tried:
samba-tool domain exportkeytab /etc/krb5.keytab --principal=steve4

restarted samba but:

su steve4
su: user steve4 does not exist

Am I getting close or should I give up now?!

Steve



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
