On 30/08/13 11:41, Rowland Penny wrote:
> OK, try this sssd.conf that I have altered for your setup, it is based
> on the sssd.conf on the machine that I am typing this on and it works,
> you just need the krb5.keytab that I told you how to create earlier.

That was

/usr/local/samba/bin/samba-tool domain exportkeytab /etc/krb5.keytab -U Administrator

yes?

[[sssd[ldap_child[8011]]]] [select_principal_from_keytab] (0x0200): trying to select the most appropriate principal from keytab
[[sssd[ldap_child[8011]]]] [find_principal_in_keytab] (0x0400): No principal matching [email protected] found in keytab.
[[sssd[ldap_child[8011]]]] [find_principal_in_keytab] (0x0400): No principal matching [email protected] found in keytab.
[[sssd[ldap_child[8011]]]] [find_principal_in_keytab] (0x0400): No principal matching host/[email protected] found in keytab.
[[sssd[ldap_child[8011]]]] [select_principal_from_keytab] (0x0200): Selected principal: [email protected]
[[sssd[ldap_child[8011]]]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [[email protected]]
[[sssd[ldap_child[8011]]]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [default]
[[sssd[ldap_child[8011]]]] [ldap_child_get_tgt_sync] (0x0100): Will canonicalize principals
[[sssd[ldap_child[8011]]]] [prepare_response] (0x0400): Building response for result [0]
[[sssd[ldap_child[8011]]]] [main] (0x0400): ldap_child completed successfully
[sssd[be[wetron.es]]] [read_pipe_handler] (0x0400): EOF received, client finished
[sssd[be[wetron.es]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_WETRON.ES], expired on [1377878906]
[sssd[be[wetron.es]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
[sssd[be[wetron.es]]] [sasl_bind_send] (0x0100): Executing sasl bind mech: GSSAPI, user: (null)
[sssd[be[wetron.es]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]
[sssd[be[wetron.es]]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)]

Note that I get the last error even if I add

ldap_sasl_authid = Administrator

in sssd.conf (Of course in that case I don't get the "No principal matching..." messages but the outcome is the same).

I suppose there is some additional step to perform (apart from extracting the keytab).

Bye
-- 
Luca Olivetti
Wetron Automation Technology http://www.wetron.es
Tel. +34 935883004 Fax +34 935883007
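
Added example, not part of the original message and not code from the Samba or SSSD projects: a Python script that reads sssd debug output in the format quoted above and reports which step did not complete (keytab principal selection, TGT acquisition, or the SASL bind). The sample log is constructed with placeholder principals and realm, and the names summarize and failing_stage are hypothetical.

```python
import re

# Constructed sample in the format of the sssd debug output quoted above;
# principal names and realm are placeholders, not values from the thread.
SAMPLE_LOG = """\
[[sssd[ldap_child[8011]]]] [find_principal_in_keytab] (0x0400): No principal matching CLIENT1$@EXAMPLE.TEST found in keytab.
[[sssd[ldap_child[8011]]]] [find_principal_in_keytab] (0x0400): No principal matching host/client1.example.test@EXAMPLE.TEST found in keytab.
[[sssd[ldap_child[8011]]]] [select_principal_from_keytab] (0x0200): Selected principal: Administrator@EXAMPLE.TEST
[sssd[be[example.test]]] [sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/ccache_EXAMPLE.TEST], expired on [1377878906]
[sssd[be[example.test]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]
[sssd[be[example.test]]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)]
"""

# "[function] (0xLEVEL): message", found after the bracketed process prefix.
ENTRY = re.compile(r"\] \[(\w+)\] \((0x[0-9a-fA-F]+)\): (.*)$")

def summarize(log_text):
    """Collect keytab lookups, the TGT result and failure lines from the log."""
    s = {"missing": [], "selected": None, "tgt_ok": False,
         "failures": [], "minor": None}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        func, level, msg = m.group(1), int(m.group(2), 16), m.group(3)
        if level <= 0x0080:  # sssd debug bitmask: 0x0010-0x0080 are failure levels
            s["failures"].append((func, msg))
        if hit := re.match(r"No principal matching (\S+) found in keytab", msg):
            s["missing"].append(hit.group(1))
        elif hit := re.match(r"Selected principal: (\S+)", msg):
            s["selected"] = hit.group(1)
        elif func == "sdap_get_tgt_recv" and msg.startswith("Child responded: 0 "):
            s["tgt_ok"] = True
        elif hit := re.search(r"Minor code may provide more information \((.*)\)\]$", msg):
            s["minor"] = hit.group(1)
    return s

def failing_stage(s):
    """Name the first step that did not complete: keytab, tgt, sasl_bind or none."""
    if s["selected"] is None:
        return "keytab"
    if not s["tgt_ok"]:
        return "tgt"
    if any(func == "sasl_bind_send" for func, _ in s["failures"]):
        return "sasl_bind"
    return "none"

if __name__ == "__main__":
    print(failing_stage(summarize(SAMPLE_LOG)))
```

On the constructed sample the result is sasl_bind: a principal was selected from the keytab and a TGT was obtained, and the failure appears only at the GSSAPI bind.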
