lists.arthurdejong.org

Re: NSLCD: Resource temporarily unavailable




Sure, here you are:

--- /usr/local/etc/nslcd.conf ---

uid nslcd
gid nslcd

uri ldap://<domain-controller-ip>/

base dc=organisation,dc=net

scope sub

# Mappings for Active Directory
pagesize 1000
referrals off
idle_timelimit 800
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    passwd uid              sAMAccountName
map    passwd homeDirectory    unixHomeDirectory
map    passwd gecos            displayName
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    shadow uid              sAMAccountName
map    shadow shadowLastChange pwdLastSet
filter group  (objectClass=group)

# Use SASL instead of simple bind, GSSAPI is necessary for krb5
sasl_mech GSSAPI

# Ignore all locally defined users (note: only valid for users defined before the daemon is started).
nss_initgroups_ignoreusers ALLLOCAL

# krb5cc to use for LDAP bind (instead of binddn).
krb5_ccname /tmp/krb5cc_0


--- /etc/krb5.conf ---

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = ORGANISATION.NET
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 default_etypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1

[realms]
 ORGANISATION.NET = {
  default_domain = ORGANISATION.NET
  kdc = dc.organisation.net
  admin_server = dc.organisation.net
 }

[domain_realm]
 .organisation.net = ORGANISATION.NET
 organisation.net = ORGANISATION.NET



Kerberos works: I can get a ticket and make queries. Ticket renewals also work.

Thank you
Alexey




2014/1/22 steve <steve [at] steve-ss.com>
On Wed, 2014-01-22 at 14:16 +0100, Alexey Tyurikov wrote:


> Could you give me a hint

Without your /etc/nslcd.conf no.




--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe [at] lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
