On 14 January 2012 12:52, steve <st...@steve-ss.com> wrote:
> On 14/01/12 03:19, Michael Wood wrote:
>>
>> On 14 January 2012 01:24, steve<st...@steve-ss.com> wrote:
[...]
>>> drwxr-xr-x 118 root root 12288 Jan 13 23:55 etc
>>> -rw------- 1 root root 1225 Jan 13 12:12 krb5.keytab
>>
>> That's fine, but is that what nslcd is using?
>
> Ah. Well spotted! The nslcd docs recommend you run it as a separate user,
> so I created a user and group for nslcd and specified them in nslcd.conf.
> nslcd is running as nslcd:nslcd. So nslcd can't get inside the keytab. Is
> that correct? (can't test it as am not by the DC at the moment)

Sounds likely. So you probably need to export a keytab for your nslcd
principal to a new keytab (e.g. /var/run/nslcd/nslcd.tkt) and make sure
that nslcd has permission to read it. No other user should have read
access.

--
Michael Wood <esiot...@gmail.com>
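
The ownership and permission rule described in the message above, written as a check (an added example, not part of the original thread). It assumes GNU coreutils stat; the function name check_keytab and its status words are made up for this illustration.

```shell
#!/bin/sh
# Added example: audit a keytab against the policy "the daemon user can read
# it, no other user has access". Assumes GNU stat (-c).
#
# check_keytab FILE USER -> prints a status word; return code in parentheses:
#   ok (0)  missing (1)  wrong-owner (2)  too-open (3)  unreadable (4)
#
# Usage with the names from the thread:
#   check_keytab /var/run/nslcd/nslcd.tkt nslcd
check_keytab() {
    kt_file=$1
    kt_user=$2

    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$kt_file" ] || [ ! -f "$kt_file" ]; then
        echo missing; return 1
    fi

    kt_owner=$(stat -c '%U' "$kt_file")   # owner name
    kt_mode=$(stat -c '%a' "$kt_file")    # octal mode, e.g. 600

    # Case from the thread: keytab is root:root but the daemon runs as nslcd.
    if [ "$kt_owner" != "$kt_user" ]; then
        echo wrong-owner; return 2
    fi

    # Normalise to four digits, then drop the setuid/setgid/sticky digit.
    kt_perm=$(printf '%04d' "$kt_mode")
    kt_perm=${kt_perm#?}

    # Group and other digits must both be 0 (no other user has access).
    if [ "${kt_perm#?}" != 00 ]; then
        echo too-open; return 3
    fi

    # Owner digit must include the read bit (4).
    case ${kt_perm%??} in
        4|5|6|7) echo ok; return 0 ;;
        *)       echo unreadable; return 4 ;;
    esac
}
```

Run against the listing quoted earlier in the thread (krb5.keytab, root:root, -rw-------) with user nslcd, this reports wrong-owner.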