Hi!

Is there a way to use an external LDAP server with Samba4 (e.g. openldap) to authenticate users or alternatively to sync Samba's internal LDAP with other services like Radius?
My goal is to enter all user credentials to either an external or Samba4 internal LDAP and make Samba, Radius, etc. use it for authentication / as a master when synchronizing user data.

I already tried:
1. http://techminded.net/blog/install-samba-pdc--ldap-on-debian-squeeze.html (server: Debian 6.05) --> worked with XP clients, but Win7 clients couldn't join to the domain.
2. https://wiki.samba.org/index.php/Samba4/HOWTO (server: RHEL 6.3) --> works fine with all clients, but I can't communicate with internal LDAP, I get this error message when I try a simple ldapsearch:

ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)

I googled around a lot, but haven't found any working solutions yet. Do you know any answer to this problem? Or can you advise an alternative solution?

Thanks in advance,
Mark

Hi Mark,

I've written a HowTo for configuring Radius to authenticate to Samba: "http://agix.com.au/blog/?p=2994". But I can only answer this part. Good luck.

-Andrew Galdes

On Wed, Nov 21, 2012 at 9:57 PM, s mark <marksp at indamail.hu> wrote:
> Hi!
>
> Is there a way to use an external LDAP server with Samba4 (eg. openldap)
> to authenticate users or
> alternatively to sync Samba's internal LDAP with other services like
> Radius?
> My goal is to enter all user credentials to either an external or Samba4
> internal LDAP and make Samba, Radius, etc. use it for authentication / as a
> master when synchronizing user data.
>
> I already tried:
> 1.
> http://techminded.net/blog/install-samba-pdc--ldap-on-debian-squeeze.html (server: Debian 6.05) --> worked with XP clients, but Win7 clients
> couldn't join to the domain.
> 2. https://wiki.samba.org/index.php/Samba4/HOWTO (server: RHEL 6.3)
> --> works fine with all clients, but I can't communicate with internal
> LDAP, I get this error message when I try a simple ldapsearch:
>
> ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1):
> generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may
> provide more information (Ticket expired)
>
> I googled around a lot, but haven't found any working solutions yet. Do
> you know any answer to this problem? Or can you advise an alternative
> solution?
>
> Thanks in advance,
> Mark

--
-Andrew Galdes
Managing Director
RHCSA, LPI, CCENT
AGIX Linux
Ph: 08 7324 4429
Mb: 0422 927 598
Site: http://www.agix.com.au
Twitter: http://twitter.com/agixlinux
LinkedIn: http://au.linkedin.com/in/andrewgaldes

On Wed, 2012-11-21 at 12:27 +0100, s mark wrote:
> Hi!
>
> Is there a way to use an external LDAP server with Samba4 (eg. openldap) to authenticate users or
> alternatively to sync Samba's internal LDAP with other services like Radius?
> My goal is to enter all user credentials to either an external or Samba4 internal LDAP and make Samba, Radius, etc. use it for authentication / as a master when synchronizing user data.
>
> I already tried:
> 1. http://techminded.net/blog/install-samba-pdc--ldap-on-debian-squeeze.html (server: Debian 6.05) --> worked with XP clients, but Win7 clients couldn't join to the domain.
> 2. https://wiki.samba.org/index.php/Samba4/HOWTO (server: RHEL 6.3) --> works fine with all clients, but I can't communicate with internal LDAP, I get this error message when I try a simple ldapsearch:
>
> ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)

Could it just be as the message suggests, that your local Kerberos ticket is expired?

Either bind using a simple bind or kinit to refresh your ticket cache.

Andrew Bartlett

--
Andrew Bartlett                         http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org