On Wed, 2012-11-21 at 12:27 +0100, s mark wrote:
> Hi!
>
> Is there a way to use an external LDAP server with Samba4 (e.g. openldap) to
> authenticate users or
> alternatively to sync Samba's internal LDAP with other services like Radius?
> My goal is to enter all user credentials to either an external or Samba4
> internal LDAP and make Samba, Radius, etc. use it for authentication / as a
> master when synchronizing user data.
>
> I already tried:
> 1. http://techminded.net/blog/install-samba-pdc--ldap-on-debian-squeeze.html
> (server: Debian 6.05) --> worked with XP clients, but Win7 clients
> couldn't join to the domain.
> 2. https://wiki.samba.org/index.php/Samba4/HOWTO (server: RHEL 6.3) -->
> works fine with all clients, but I can't communicate with internal LDAP, I
> get this error message when I try a simple ldapsearch:
>
> ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1):
> generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may
> provide more information (Ticket expired)

Could it just be, as the message suggests, that your local Kerberos ticket is
expired? Either bind using a simple bind or kinit to refresh your ticket cache.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
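
The two remedies suggested in the reply above, as an added example that is not part of the original thread: refresh the ticket cache and bind with GSSAPI, or use a simple bind (here required to run over StartTLS, since a simple bind transmits the password itself). The host, base DN, principal and bind DN are placeholders assumed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# All four values below are assumed placeholders; adjust them to your domain.
DC_URI="ldap://dc1.samdom.example.com"          # hypothetical domain controller
BASE_DN="DC=samdom,DC=example,DC=com"           # hypothetical base DN
PRINCIPAL="administrator@SAMDOM.EXAMPLE.COM"    # hypothetical Kerberos principal
BIND_DN="CN=Administrator,CN=Users,$BASE_DN"    # hypothetical simple-bind DN

# MIT "klist -s" prints nothing and exits 0 only when the credential cache
# is readable and its tickets have not expired.
have_valid_tgt() {
    klist -s 2>/dev/null
}

# Option 1: SASL/GSSAPI bind. An expired or missing ticket is what produces
# the "Ticket expired" GSS failure, so run kinit first when the cache is stale.
search_gssapi() {
    have_valid_tgt || kinit "$PRINCIPAL" || return 1
    ldapsearch -H "$DC_URI" -Y GSSAPI -b "$BASE_DN" -s base "(objectClass=*)" dn
}

# Option 2: simple bind, no Kerberos ticket involved.
# -x selects simple authentication, -W prompts for the password, and -ZZ makes
# ldapsearch stop unless StartTLS succeeds, so the password is not sent in clear.
search_simple() {
    ldapsearch -H "$DC_URI" -ZZ -x -D "$BIND_DN" -W -b "$BASE_DN" -s base "(objectClass=*)" dn
}

# Run only when invoked as: sh ldap-check.sh gssapi|simple
case "${1:-}" in
    gssapi) search_gssapi ;;
    simple) search_simple ;;
esac
```

Running `klist` without `-s` before and after `kinit` shows the ticket lifetimes, which confirms whether expiry was the cause.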
