Hello, I'm trying to set up Samba as a replacement for AD. I already have a working Samba+LDAP setup, but I am stuck on Kerberos. pkg_info: heimdal-1.0.1 nss_ldap-1.264_1 openldap-client-2.4.13 openldap-server-2.4.13
cat /etc/krb5.conf
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DOMAIN.LOCAL
[realms]
DOMAIN.LOCAL = {
  admin_server = SERVER.DOMAIN.LOCAL
  default_domain = SERVER.DOMAIN.LOCAL
  kdc = SERVER.DOMAIN.LOCAL
}
[domain_realm]
.domain.local = DOMAIN.LOCAL
[kdc]
database = {
  dbname = ldap:ou=KerberosPrincipals,dc=domain,dc=local
  acl_file = /var/heimdal/kadmind.acl
}
addresses = 127.0.0.1 192.168.6.23

cat /usr/local/etc/openldap/slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema/hdb.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/local/libexec/openldap
loglevel 256
logfile /var/db/openldap-data/slapd.log
moduleload back_bdb
allow update_anon
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
  by self write
  by anonymous auth
  by * none
access to *
  by self write
  by anonymous read
  by sockurl="^ldapi:///$" write
  by * none
database bdb
suffix "dc=domain,dc=local"
rootdn "cn=admin,dc=domain,dc=local"
rootpw {SSHA}somepasshehe
directory /var/db/openldap-data
index uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass eq
#index cn eq,sub,pres
#index uid eq,sub,pres
index displayName eq,sub,pres
index krb5PrincipalName eq

server# kadmin -l
kadmin> init DOMAIN.LOCAL
Realm max ticket life [unlimited]:
Realm max renewable ticket life [unlimited]:
kadmin> add admin
Max ticket life [1 day]:
Max renewable life [1 week]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes []:
ad...@domain.local's Password:
Verifying - ad...@domain.local's Password:

*************************** error here ***********************
ad...@domain.local's Password:
kinit: krb5_get_init_creds: Client (ad...@domain.local) unknown
***********************************************************

How do I fix this error?