Al 30/08/13 18:54, En/na steve ha escrit:
> Bueno, a ver:
> We can say for certain that /etc/krb5.keytab contains the key for
> nslcd-connect
> make sure you have:
>
> ldap_sasl_mech = gssapi
> ldap_sasl_authid = nslcd-conn...@wetron.es
> ldap_krb5_keytab = /etc/krb5.keytab
>
> (note, I think you had a different keytab in an older post. Lose it.)
Done
>
> Next, can you resolve the kerberos SRV record:
> host -t SRV _kerberos._udp.dc1.wetron.es.
It doesn't resolve, but _kerberos._udp.wetron.es. does
_kerberos._udp.wetron.es has SRV record 0 100 88 hp.wetron.es.
>
> What do you have for /etc/krb5.conf
[libdefaults]
default_realm = WETRON.ES
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
WETRON.ES = {
kdc = 192.168.4.101
admin_server = 192.168.4.101
}
>
> What does:
> sssd --version
> give?
1.9.4
In case it matters, sasl is 2.1.25, and I have the relevant plugins
installed:
# rpm -qa *sasl*
lib64sasl2-plug-sasldb-2.1.25-12.mga3
lib64sasl2-2.1.25-12.mga3
cyrus-sasl-2.1.25-12.mga3
lib64sasl2-plug-login-2.1.25-12.mga3
lib64sasl2-plug-plain-2.1.25-12.mga3
lib64sasl2-plug-ldapdb-2.1.25-12.mga3
lib64sasl2-plug-gssapi-2.1.25-12.mga3
lib64sasl2-devel-2.1.25-12.mga3
Bye
--
Luca Olivetti
Wetron Automation Technology http://www.wetron.es
Tel. +34 935883004 Fax +34 935883007
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
