Hi, I am trying to configure the nslcd service on an Ubuntu client for Kerberos authentication against samba4. My /etc/nslcd.conf contains the following:

uid nslcd
gid nslcd
uri ldapi:///cofil01.mydomain.net
base dc=mydomain,dc=net
sasl_mech GSSAPI
krb5_ccname FILE:/tmp/host.tkt

I have added the host principal "host/ubuntu-test.mydomain.net @ MYDOMAIN.NET" to /etc/krb5.keytab on both the samba4 server and the client by using ktutil. I have confirmed that the principals exist on both machines by using klist -ke /etc/krb5.keytab. "hostname -f" gives me the fully qualified domain name for the client.

If I restart the nslcd service, I get the following error on the client:

 * Starting Keep alive Kerberos ticket k5start
k5start: error getting credentials: Client not found in Kerberos database

On the samba4 server side, in the /var/log/samba/log.samba file, I get the following errors:

Kerberos: AS-REQ host/ubuntu-test.mydomain.net @ MYDOMAIN.NET from ipv4: 10.45.1.55:34456 for krbtgt/MYDOMAIN.NET @ MYDOMAIN.NET
Kerberos: UNKNOWN -- host/ubuntu-test.mydomain.net @ MYDOMAIN.NET: no such entry found in hdb

It says "no such entry found in hdb". Does hdb refer to the /etc/krb5.keytab principal database, or is it referring to a database that I don't know about?

Note: I have put spaces around all "@" so the list does not interpret them as e-mail addresses.

br,
Quinn