On Thu, 2013-08-29 at 01:41 +0200, Marc Muehlfeld wrote: > > https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd > > > @All: Please give some feedback. Thanks.
Hi The first 4 bullets of 'Method 2' are unnecessary. Why don't we use what we already have? How about this instead? 1. For a client joined to the domain, please skip to (3) below. 2. On the DC: Extract the machine key: samba-tool domain exportkeytab /etc/krb5.keytab --principal=DC1$ 3. Get tickets and create the cache: k5start -f /etc/krb5.keytab -U -o nslcd -K 60 -b -k /tmp/nslcd.tkt - Switch bullets 6 and 7: edit /etc/nsswitch.conf _before_ you start nslcd. It's unfortunate we still have to cater for the old versions too. The extra mappings slow things down considerably for large domains especially as enumeration is enabled. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
