Al 29/08/13 12:06, En/na steve ha escrit: > We have sssd covered here: > http://linuxcostablanca.blogspot.com.es/2013/04/sssd-in-samba-40.html
Well, that's doesn't seem to be complete (at least to a kerberos newbie like me). For example, it's missing the step to create /etc/krb5.keytab I used /usr/local/samba/bin/samba-tool domain exportkeytab /etc/krb5.keytab --principal=HP$ but then sssd complains that [[sssd[ldap_child[2300]]]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [HP$@WETRON.ES] [[sssd[ldap_child[2300]]]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [/etc/krb5.keytab] [[sssd[ldap_child[2300]]]] [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals [[sssd[ldap_child[2300]]]] [prepare_response] (0x0400): Building response for result [0] [[sssd[ldap_child[2300]]]] [main] (0x0400): ldap_child completed successfully [sssd[be[default]]] [read_pipe_handler] (0x0400): EOF received, client finished [sssd[be[default]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_WETRON.ES], expired on [1377842615] [sssd[be[default]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900 [sssd[be[default]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: HP$ [sssd[be[default]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error] [sssd[be[default]]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)] BTW, installing sssd from rpm (mageia 3, which provides 1.9.4) causes locally built samba to not start anymore (since there is some conflicting library and samba will use the "bad" library in /usr/lib64 instead of the one under /usr/local/samba), so, in my specific case, I cannot really say 'you'll not believe how simple this is' ;-) nslcd seems simpler (at least I got it working) Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba