Al 30/08/13 10:11, En/na steve ha escrit: > On Fri, 2013-08-30 at 00:34 +0200, Luca Olivetti wrote: >> Al 29/08/13 21:54, En/na Rowland Penny ha escrit: >> >>>> Yes, I was trying sssd, but I forgot that I switched back nsswitch.conf >>>> to ldap, so I thought your suggestion was working while it actually >>>> wasn't (same error with Administrator as with HP$). >>>> >>>> Bye >>> Hi, I am replying to you on list, could you please post your sssd.conf >>> and what version of sssd you are using, also what is your OS >> >> OK, now I got sssd working *but* without kerberos. > > Hi > I'm not sure what you want. Is this now EOT or do you want to go on and > debug to get gssapi?
Well, I'd like to get gssapi working > > If you wish to go on: > samba-tool domain exportkeytab /etc/krb5.sssd.keytab > --principal=nslcd-connect > (You may already have this from your nslcd config) done > Kill all nslcd processes. done > > ldap_sasl_mech = gssapi > ldap_sasl_authid = nslcd-connect > ldap_krb5_keytab = /etc/krb5.sssd.keytab done, but when I try, say, "id oscar" [sssd[be[default]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(samAccountName=oscar)(objectclass=user))][dc=wetron,dc=es]. [sssd[be[default]]] [sdap_get_generic_ext_done] (0x0400): Search result: Operations error(1), 00002020: Operation unavailable without authentication [sssd[be[default]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication [sssd[be[default]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [5]: Error d’Entrada/Sortida > To get full benefit from sssd I'd recommend the latest version which has > a proper AD backend. e.g. sssd version 1.11.1 gives you id and getent > without requiring the posixAccount objectClass. I don't need it even with the version I have. Thank you Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba