Samba 4 nslcd GSSAPI problem

This is my first post here. So hi, everyone.

Ubuntu 11.10 with nss-ldapd and pam-ldapd

I can connect to Samba 4 LDAP no problem by specifying binddn and bind passwd. getent passwd returns the list of Samba 4 users. But not via Kerberos GSSAPI. My /etc/nslcd.conf:

uid nslcd
gid nslcd
uri ldap://
base dc=hh3,dc=site
binddn cn=host-account,cn=Users,dc=hh3,dc=site
bindpw 123abc
map    passwd uid              sAMAccountName
map    passwd homeDirectory    unixHomeDirectory
map    shadow uid              sAMAccountName
sasl_mech GSSAPI
#sasl_realm HH3.SITE
krb5_ccname /tmp/krb5cc_0


klist -k /etc/host.keytab
  1 host-account@HH3.SITE

nslcd and k5start OK and klist shows a ticket has been assigned:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host-account@HH3.SITE
Valid starting     Expires            Service principal
01/19/12 17:24:26  01/20/12 03:24:26  krbtgt/HH3.SITE@HH3.SITE

getent passwd does not list the Samba 4 users. syslog gives:

Jan 19 17:25:04 hh3 nslcd[2861]: [7b23c6] failed to bind to LDAP server ldap:// : Operation now in progress
Jan 19 17:25:04 hh3 nslcd[2861]: [7b23c6] no available LDAP server found
<it tries several times before giving up>

samba gives:
ldb_wrap open of secrets.ldb
Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'

Samba tells me that it supports GSSAPI:

 ldapsearch -x -b '' -sbase supportedSASLMechanisms
# extended LDIF
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: NTLM

Question: why does nslcd give 'Unknown authentication method'?