On Fri, 2013-08-30 at 19:21 +0200, Luca Olivetti wrote:
> On 30/08/13 18:54, steve wrote:
>
> > OK, let's see:
> > We can say for certain that /etc/krb5.keytab contains the key for
> > nslcd-connect
> > make sure you have:
> >
> > ldap_sasl_mech = gssapi
> > ldap_sasl_authid = nslcd-conn...@wetron.es
> > ldap_krb5_keytab = /etc/krb5.keytab
> >
> > (note, I think you had a different keytab in an older post. Lose it.)
>
> Done
>
> >
> > Next, can you resolve the kerberos SRV record:
> > host -t SRV _kerberos._udp.dc1.wetron.es.
>
> It doesn't resolve, but _kerberos._udp.wetron.es. does
>
> _kerberos._udp.wetron.es has SRV record 0 100 88 hp.wetron.es.

That's good. Sorry, I didn't know your domain or hostnames

> >
> > What do you have for /etc/krb5.conf
>
> [libdefaults]
> default_realm = WETRON.ES
> dns_lookup_realm = true
> dns_lookup_kdc = true

Remove the [realms] section and change:
dns_lookup_realm = false
(I'm assuming that this is a single DC)

I also have:
cyrus-sasl-32bit

Now go through everything in the thread, clear everything in
/var/lib/sss/db/* and restart sssd. Make sure that nscd is not running.

HTH
Steve
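
An added example, not part of the original post and not sssd or Samba code: a small checker that compares krb5.conf and sssd.conf text against the settings suggested in this message. The section name `domain/default`, the sample file contents and the alternate keytab path are constructed; the principal is truncated in the post, so only the presence of `ldap_sasl_authid` is checked.

```python
import re
# Settings suggested in the thread; None = "must be set" (the principal is
# truncated in the post, so only its presence is checked).
SSSD_EXPECTED = {"ldap_sasl_mech": "gssapi", "ldap_sasl_authid": None,
                 "ldap_krb5_keytab": "/etc/krb5.keytab"}

def parse_sections(text):
    """Return {section: {key: value}}; nested { } blocks are skipped."""
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header and depth == 0:
            current = sections.setdefault(header.group(1).strip(), {})
            continue
        opens_block = "{" in line
        depth += line.count("{") - line.count("}")
        if current is not None and "=" in line and not opens_block and depth == 0:
            key, value = (p.strip() for p in line.split("=", 1))
            current[key] = value
    return sections

def check(krb5_text, sssd_text):
    """List deviations from the settings suggested in the thread."""
    findings, krb5 = [], parse_sections(krb5_text)
    lib = krb5.get("libdefaults", {})
    if "realms" in krb5:
        findings.append("krb5.conf: [realms] section present")
    if lib.get("dns_lookup_realm", "").lower() != "false":
        findings.append("krb5.conf: dns_lookup_realm is not false")
    if lib.get("dns_lookup_kdc", "").lower() != "true":
        findings.append("krb5.conf: dns_lookup_kdc is not true")
    for name, sec in parse_sections(sssd_text).items():
        if name.startswith("domain/"):  # sssd keeps ldap_* options per domain
            for key, want in SSSD_EXPECTED.items():
                if key not in sec:
                    findings.append(f"sssd.conf [{name}]: {key} missing")
                elif want is not None and sec[key] != want:
                    findings.append(f"sssd.conf [{name}]: {key} = {sec[key]}")
    return findings

# Constructed samples (krb5.conf values as quoted in the thread, plus a made-up [realms])
KRB5_BEFORE = ("[libdefaults]\ndns_lookup_realm = true\ndns_lookup_kdc = true\n"
               "[realms]\nWETRON.ES = { kdc = hp.wetron.es }\n")
SSSD_SAMPLE = ("[domain/default]\nldap_sasl_mech = gssapi\n"
               "ldap_krb5_keytab = /etc/sssd/old.keytab\n")
if __name__ == "__main__":
    print("\n".join(check(KRB5_BEFORE, SSSD_SAMPLE)))
```

An empty result only means the files match the settings listed in the thread; it does not test that the keytab or the KDC actually work.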