lists.arthurdejong.org

Re: NSLCD: Resource temporarily unavailable




On Wed, 2014-01-22 at 16:15 +0100, Alexey Tyurikov wrote:
> Sure, here you are:
> 

A few things to try...
HTH
Steve

> 
> --- /usr/local/etc/nslcd.conf ---
> 
> 
> uid nslcd
> gid nslcd
> 
> 
> uri ldap://<domain-controller-ip>/

**
uri ldap://f.q.d.n
not the IP
> 
> 
> base dc=organisation,dc=net
> 
> 
> scope sub
> 
> 
> # Mappings for Active Directory
> pagesize 1000
> referrals off
> idle_timelimit 800
> filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
> map    passwd uid              sAMAccountName
> map    passwd homeDirectory    unixHomeDirectory
> map    passwd gecos            displayName

** We have no references to shadow. Do any of your users need this?
> filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
> map    shadow uid              sAMAccountName
> map    shadow shadowLastChange pwdLastSet
**
> filter group  (objectClass=group)
> 
> 
> # Use SASL instead of simple bind, GSSAPI is necessary for krb5
> sasl_mech GSSAPI
> 
> 
> # Ignore all locally defined users (note: only valid for users defined before the daemon is started).
> nss_initgroups_ignoreusers ALLLOCAL
> 
> 
> # krb5cc to use for LDAP bind (instead of binddn).
> krb5_ccname /tmp/krb5cc_0
> 
> 
** nslcd needs access to the ticket.
chown nslcd:nslcd /tmp/krb5cc_0

> 
> 
> --- /etc/krb5.conf ---
> 
> 
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
> 
> 
> [libdefaults]
>  default_realm = ORGANISATION.NET
>  dns_lookup_realm = false
** lookup the kdc
>  dns_lookup_kdc = false
dns_lookup_kdc = true

>  ticket_lifetime = 24h
>  renew_lifetime = 7d
>  forwardable = true
>  default_etypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1
> 
> 
> [realms]
>  ORGANISATION.NET = {
>   default_domain = ORGANISATION.NET
>   kdc = dc.organisation.net
>   admin_server = dc.organisation.net
>  }
> 
> 
> [domain_realm]
>  .organisation.net = ORGANISATION.NET

** Don't give alternatives:
>  organisation.net = ORGANISATION.NET
> 
> 
> 
> 
> 
> 
> Kerberos works, I can get a ticket and make queries. Ticket renewals
> work also.
> 
> 
> Thank you
> Alexey
> 
> 
> 
> 
> 
> 
> 2014/1/22 steve <steve@steve-ss.com>
>         On Wed, 2014-01-22 at 14:16 +0100, Alexey Tyurikov wrote:
>         
>         
>         >
>         >
>         >
>         > Could you give me a hint
>         
>         
>         Without your /etc/nslcd.conf no.
>         
>         
>         
>         
>         --
>         To unsubscribe send an email to
>         nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
>         http://lists.arthurdejong.org/nss-pam-ldapd-users/
> 
> 


-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
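
The two nslcd.conf suggestions in the reply above (a host name rather than an IP in `uri`, and a credential cache owned by the account nslcd runs as) can be checked before restarting the daemon. The script below is an added example, not part of the original message or of nss-pam-ldapd; the function names are hypothetical, and it assumes `uid` is given as a user name rather than a number.

```shell
#!/bin/sh
# Added example: lint an nslcd.conf for the two GSSAPI points made in the reply.

# conf_get FILE KEY: print the first value set for KEY (comment lines never match)
conf_get() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# file_owner PATH: owner name as shown by ls (avoids GNU/BSD stat differences)
file_owner() {
    ls -ld "$1" 2>/dev/null | awk '{ print $3 }'
}

# check_nslcd_gssapi FILE: print one WARN line per finding, return their count
check_nslcd_gssapi() {
    conf=$1
    findings=0
    # Both checks only matter when nslcd binds with SASL/GSSAPI
    [ "$(conf_get "$conf" sasl_mech)" = "GSSAPI" ] || return 0

    # 1. The Kerberos service principal is built from the URI host name
    #    (ldap/<host>@REALM), so an IP literal usually has no matching principal.
    host=$(conf_get "$conf" uri | sed -e 's|^[a-z]*://||' -e 's|/.*$||')
    case $host in
        \[*) is_ip=1 ;;                      # bracketed IPv6 literal
        *)  host=${host%:*}                  # drop an optional :port
            case $host in
                ''|*[!0-9.]*) is_ip=0 ;;     # empty, or has non-digit/dot chars
                *) is_ip=1 ;;                # digits and dots only: IPv4
            esac ;;
    esac
    if [ "$is_ip" -eq 1 ]; then
        echo "WARN: uri host '$host' is an IP address; use the server's FQDN"
        findings=$((findings + 1))
    fi

    # 2. The credential cache must belong to the account nslcd runs as
    user=$(conf_get "$conf" uid)
    cc=$(conf_get "$conf" krb5_ccname)
    cc=${cc#FILE:}
    if [ -n "$cc" ] && [ "$(file_owner "$cc")" != "$user" ]; then
        echo "WARN: $cc is not owned by '$user' (missing or wrong owner)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

if [ $# -gt 0 ]; then check_nslcd_gssapi "$1"; fi
```

Run it as `sh check.sh /usr/local/etc/nslcd.conf`; the exit status is the number of findings.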