lists.arthurdejong.org

Samba 4 nslcd GSSAPI problem

This is my first post here, so hi everyone.

Ubuntu 11.10 with nss-ldapd and pam-ldapd

I can connect to Samba 4 LDAP with no problem by specifying binddn and bind passwd; getent passwd returns the list of Samba 4 users. But it does not work via Kerberos GSSAPI. My /etc/nslcd.conf:

uid nslcd
gid nslcd
uri ldap://192.168.1.3
base dc=hh3,dc=site
binddn cn=host-account,cn=Users,dc=hh3,dc=site
bindpw 123abc
map    passwd uid              sAMAccountName
map    passwd homeDirectory    unixHomeDirectory
map    shadow uid              sAMAccountName
sasl_mech GSSAPI
#sasl_realm HH3.SITE
krb5_ccname /tmp/krb5cc_0

/etc/default/nslcd:
K5START_START="yes"
K5START_BIN=/usr/bin/k5start
K5START_KEYTAB=/etc/host.keytab
K5START_CCREFRESH=60
K5START_PRINCIPAL="host-account@HH3.SITE"

klist -k /etc/host.keytab
  1 host-account@HH3.SITE

nslcd and k5start are OK, and klist shows a ticket has been assigned:
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host-account@HH3.SITE
Valid starting     Expires            Service principal
01/19/12 17:24:26  01/20/12 03:24:26  krbtgt/HH3.SITE@HH3.SITE

getent passwd does not list the Samba 4 users. syslog gives:

Jan 19 17:25:04 hh3 nslcd[2861]: [7b23c6] failed to bind to LDAP server ldap://192.168.1.3: : Operation now in progress
Jan 19 17:25:04 hh3 nslcd[2861]: [7b23c6] no available LDAP server found
<it tries several times before giving up>

Samba gives:
ldb_wrap open of secrets.ldb
Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'

Samba tells me that it supports GSSAPI:

 ldapsearch -x -b '' -sbase supportedSASLMechanisms
# extended LDIF
#
dn:
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: NTLM

Question: why does nslcd give 'Unknown authentication method'?
Thanks
Steve