Andreas Hasenack írta: >Em Sáb 18 Mar 2006 13:54, Gémes Géza escreveu: >(...) >Thanks, it worked (somewhat) after I ran "kpasswd" for that user. > > > >>An example ldif: >> >>dn: uid=test,ou=users,dc=example,dc=net >> >>objectClass: person >> >>objectClass: organizationalPerson >> >>objectClass: inetOrgPerson >> >>objectClass: posixAccount >> >>objectClass: top >> >>objectClass: shadowAccount >> >>objectClass: sambaSamAccount >> >>objectClass: krb5Principal >> >>sn: Account >> >>userPassword: [EMAIL PROTECTED] >> >> > >I see you are authenticating simple binds with an SASL mechanism. I assume >it's gssapi? Via saslauthd? > > > Yes I have saslauthd options set to: -n 3 -c -l -a kerberos5 via /etc/default/saslauthd: # This needs to be uncommented before saslauthd will be run automatically # START=yes START=yes
# You must specify the authentication mechanisms you wish to use. # This defaults to "pam" for PAM support, but may also include # "shadow" or "sasldb", like this: # MECHANISMS="pam shadow" PARAMS="-n 3 -c -l" MECHANISMS="kerberos5" and an /usr/lib/sasl2/slapd.conf, which reads: pwcheck_method: saslauthd saslauthd_path: /var/run/saslauthd/mux keytab: /etc/krb5.keytab This saslauthd setup works both for slapd and cyrus-imap Regards Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
