On 2011-12-29 10:11, steve wrote:
> On 29/12/11 10:00, steve wrote:
>> On 28/12/11 21:59, Bernd Markgraf wrote:
>>>> You should create a user in AD for nss-ldap and extract a keytab for it
>>>> (samba-tool domain exportkeytab --principal=....) and configure nss-ldap
>>>> to use that keytab for authenticating. Most probably you aren't allowed
>>>> to bind anonymously to your AD server (you can try with ldapsearch -x)
>>> LDAP works with an anonymous bind. You need the Kerberos keytab for
>>> authentication though.
>>>
>>
>> steve@hh3:~> ldapsearch -x
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <DC=hh3,DC=site> (default) with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 1 Operations error
>> text: 00002020: Operation unavailable without authentication
>>
>> # numResponses: 1
>>
>> I found this usage:
>>
>> samba-tool export keytab PATH_TO_KEYTAB
>>
>> How can I find my PATH_TO_KEYTAB?
>> Thanks
>
> Can't get the syntax right:
>
> samba-tool domain exportkeytab /var/lib/named/master --principal
>
> Usage: samba-tool domain exportkeytab <keytab> [options]
>
> samba-tool domain exportkeytab: error: --principal option requires an
> argument

samba-tool domain exportkeytab /path/to/the/keytab/file/you/want/to/create/or/update --principal=the_name(samAccountName_or_spn_created_with_samba-tool_spn)_of_the_principal_you_want_to_extract

Regards
Geza
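
Added example, not part of the original thread: the export step from the reply above, followed by the checks a practitioner would run on the result. It assumes MIT Kerberos client tools (klist, kinit), OpenLDAP's ldapsearch and GNU stat; the account name nss-ldap and the path /etc/nss-ldap.keytab are placeholders.

```shell
#!/bin/sh
# Added example; PRINCIPAL and KEYTAB are placeholders, not values from the thread.
PRINCIPAL="nss-ldap"            # hypothetical AD account created for nss-ldap
KEYTAB="/etc/nss-ldap.keytab"   # hypothetical path; the file is created or updated

# Read ldapsearch output on stdin; succeed only if its last result line is code 0.
# The anonymous search in the thread ("result: 1 Operations error") fails this.
search_succeeded() {
    awk '/^result: / { seen = 1; code = $2 }
         END { if (seen && code == 0) exit 0; exit 1 }'
}

# A keytab holds the account's long-term keys, so treat it like the password:
# succeed only for a regular file with no group or other permissions.
keytab_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c %a "$1") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

setup_keytab() {
    # Syntax from the reply: keytab path first, then --principal=NAME.
    ( umask 077
      samba-tool domain exportkeytab "$KEYTAB" --principal="$PRINCIPAL" ) || return 1
    chmod 600 "$KEYTAB" || return 1
    keytab_private "$KEYTAB" || { echo "keytab is not private" >&2; return 1; }
    klist -k "$KEYTAB" || return 1                  # list the exported entries
    kinit -k -t "$KEYTAB" "$PRINCIPAL" || return 1  # ticket from the keytab
    # Repeat the search from the thread with GSSAPI instead of anonymous -x.
    ldapsearch -Y GSSAPI -s base 2>/dev/null | search_succeeded ||
        { echo "authenticated LDAP search failed" >&2; return 1; }
}

# Run the procedure only when asked: sh thisfile run
if [ "${1:-}" = "run" ]; then
    setup_keytab
fi
```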