Re: NSLCD: Resource temporarily unavailable
[Date Prev][Date Next] [Thread Prev][Thread Next]Re: NSLCD: Resource temporarily unavailable
- From: Alexey Tyurikov <alexey.tyurikov [at] gmail.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: NSLCD: Resource temporarily unavailable
- Date: Wed, 22 Jan 2014 16:15:16 +0100
Sure, here you are:
--- /usr/local/etc/nslcd.conf ---
uid nslcd
gid nslcd
uri ldap://<domain-controller-ip>/
base dc=organisation,dc=net
scope sub
# Mappings for Active Directory
pagesize 1000
referrals off
idle_timelimit 800
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map passwd uid sAMAccountName
map passwd homeDirectory unixHomeDirectory
map passwd gecos displayName
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map shadow uid sAMAccountName
map shadow shadowLastChange pwdLastSet
filter group (objectClass=group)
# Use SASL instead of simple bind, GSSAPI is necessary for krb5
sasl_mech GSSAPI
# Ignore all locally defined users (note: only valid for users defined before the daemon is started).
nss_initgroups_ignoreusers ALLLOCAL
# krb5cc to use for for LDAP bind (instead of binddn).
krb5_ccname /tmp/krb5cc_0
--- /etc/krb5.conf ---
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = ORGANISATION.NET
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
default_etypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1
[realms]
ORGANISATION.NET = {
default_domain = ORGANISATION.NET
kdc = dc.organisation.net
admin_server = dc.organisation.net
}
[domain_realm]
Kerberos works, I can get a ticket and make queries. Ticket renewals work also.
Thank you
Alexey
2014/1/22 steve <steve [at] steve-ss.com>
On Wed, 2014-01-22 at 14:16 +0100, Alexey Tyurikov wrote:Without your /etc/nslcd.conf no.
>
>
>
> Could you give me a hint
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe [at] lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
-- To unsubscribe send an email to nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see http://lists.arthurdejong.org/nss-pam-ldapd-users/
- NSLCD: Resource temporarily unavailable,
Alexey Tyurikov
- Re: NSLCD: Resource temporarily unavailable,
steve
- Re: NSLCD: Resource temporarily unavailable, Alexey Tyurikov
- Re: NSLCD: Resource temporarily unavailable,
steve
- Re: NSLCD: Resource temporarily unavailable,
Arthur de Jong
- Re: NSLCD: Resource temporarily unavailable,
Alexey Tyurikov
- Re: NSLCD: Resource temporarily unavailable, Arthur de Jong
- Re: NSLCD: Resource temporarily unavailable,
Alexey Tyurikov
- Prev by Date: Re: NSLCD: Resource temporarily unavailable
- Next by Date: Re: NSLCD: Resource temporarily unavailable
- Previous by thread: Re: NSLCD: Resource temporarily unavailable
- Next by thread: Re: NSLCD: Resource temporarily unavailable