RSS feed

Re: NSLCD: Resource temporarily unavailable

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: NSLCD: Resource temporarily unavailable

Sure, here you are:

--- /usr/local/etc/nslcd.conf ---

uid nslcd
gid nslcd

uri ldap://<domain-controller-ip>/

base dc=organisation,dc=net

scope sub

# Mappings for Active Directory
pagesize 1000
referrals off
idle_timelimit 800
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    passwd uid              sAMAccountName
map    passwd homeDirectory    unixHomeDirectory
map    passwd gecos            displayName
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    shadow uid              sAMAccountName
map    shadow shadowLastChange pwdLastSet
filter group  (objectClass=group)

# Use SASL instead of simple bind, GSSAPI is necessary for krb5
sasl_mech GSSAPI

# Ignore all locally defined users (note: only valid for users defined before the daemon is started).
nss_initgroups_ignoreusers ALLLOCAL

# krb5cc to use for for LDAP bind (instead of binddn).
krb5_ccname /tmp/krb5cc_0

--- /etc/krb5.conf ---

 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

 default_realm = ORGANISATION.NET
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 default_etypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1

  default_domain = ORGANISATION.NET
  kdc =
  admin_server =


Kerberos works, I can get a ticket and make queries. Ticket renewals work also.

Thank you

2014/1/22 steve <steve [at]>
On Wed, 2014-01-22 at 14:16 +0100, Alexey Tyurikov wrote:

> Could you give me a hint

Without your /etc/nslcd.conf no.

To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe [at] or see

To unsubscribe send an email to or see