[SLUG] openldap samba kerberos gssapi pam soup

From: Mike Branda (mike@wackyworld.tv)
Date: Mon Jul 10 2006 - 23:01:49 EDT


Anybody ever get this nonsense working right?

I've been able to get samba to work with openldap as a pdc with net
logons just fine. The problem is that I want to use the same posix uid
gid for login auth and privs for our macs.

To do this the macs need kerberos.

I'm having a bit of trouble getting ldap to use the kerberos auth
mechanism. Anybody know what the passwd entry for a user has to be in
ldap to get it to go to kerberos for the passwd auth? Or is it handled
in slapd? I keep reading stuff about GSSAPI to bring it all together
and command line ldapsearch tests of SASL binds work but when I add a
user to ldap (minus the pwd), and then add the principal to kerberos
with the desired passwd, it doesn't connect properly. I also know that
kerberos works because adding the pam_krb lines to pam allows me to
ssh in with an *K* (tells the system to use kerberos) entry
in /etc/shadow for a given user.

So to recap...

kerberos on its own works.
samba through ldap with encrypted passwds stored in ldap works.
ldap with kerberos has a missing link somewhere and doesn't work.

Any ideas? Where is the missing link? Or are you just as confused now
as I am? ;^)

TIA

Mike Branda Jr.
