search for: ldapcache

...the credentials cache should be initiated by an external program (cron and startup script), at least with the TGT and maybe the TGS for ldap. Since usually kerberosv5 cache is based on the user id ( /tmp/krb5cc_0 for root) there's an option in ldap.conf (krb5_ccname) to set the filename (/etc/.ldapcache in nss_ldap tutorials) for this cache. Is there any way to do this with dovecot-ldap.conf or should I try to use "auth user" default cache filename ? Thanks in advance

...samba.org/index.php/OpenLDAP_as_proxy_to_AD . That's not > whatI need. > > > > -- > With best regards, > > Tabolin Yuriy > System administrator > Speech Technology Center OK, a bit more googling, turned this up, but it in japanese: http://www.hanabusa.net/intra/ldapcache.html Rowland

...kerberos keytab' entry in smb.conf(5). When using the heimdal kerberos libraries, you must also specify the following in /etc/krb5.conf: [libdefaults] default_keytab_name = FILE:/etc/krb5.keytab I'm trying to do a kinit with the following command: kinit -k -c /etc/.ldapcache -S ldap/dc.example.com \ host/<host> && chmod a+r /etc/.ldapcache I get the error that preauthentication failed. Joining a PC to a domain also works quite well. And the services are also working fine. I want to use the Machine-Account, to verfiy a GSSAPI-Login against an Openld...

...y >> without cache. Similarinstructionshere >> https://wiki.samba.org/index.php/OpenLDAP_as_proxy_to_AD . That's not >> whatI need. >> >> >> >> > > OK, a bit more googling, turned this up, but it in japanese: > http://www.hanabusa.net/intra/ldapcache.html > Big thanks! It very helps for me. I don’t understand japanese, but there is a link to ad.schema file. I have done some modifications on it and it works for me. -- With best regards, Tabolin Yuriy System administrator Speech Technology Center

On 16/12/15 19:35, Rowland penny wrote: > On 16/12/15 19:02, Таболин Юрий wrote: >> Hi all. >> >> I have samba 4.2.3 on freebsd 10.1 server. There are three DC and >> about 350 PC on domain. I wrote earlier that samba4 ldap performance >> is not enough for me. Now I want to try a server in the middle with >> openldap pcache - ldap cache proxy function. But

...tls_ciphers HIGH:MEDIUM:SSLv2 # Client certificate and key # Use these, if your server requires client authentication. #tls_cert #tls_key # Disable SASL security layers. This is needed for AD. #sasl_secprops maxssf=0 # Override the default Kerberos ticket cache location. #krb5_ccname FILE:/etc/.ldapcache # SASL mechanism for PAM authentication - use is experimental # at present and does not support password policy control #pam_sasl_mech DIGEST-MD5 (END)

...for syntax #tls_ciphers TLSv1 # Client certificate and key # Use these, if your server requires client authentication. #tls_cert #tls_key # Disable SASL security layers. This is needed for AD. #sasl_secprops maxssf=0 # Override the default Kerberos ticket cache location. #krb5_ccname FILE:/etc/.ldapcache # SASL mechanism for PAM authentication - use is experimental # at present and does not support password policy control #pam_sasl_mech DIGEST-MD5 uri ldap://centserver.abc.com:389/ ssl no tls_cacertdir /etc/openldap/cacerts pam_password md5 12.authconfig-tui Mark at the position shown below:...

...tls_ciphers HIGH:MEDIUM:SSLv2 # Client certificate and key # Use these, if your server requires client authentication. #tls_cert #tls_key # Disable SASL security layers. This is needed for AD. #sasl_secprops maxssf=0 # Override the default Kerberos ticket cache location. #krb5_ccname FILE:/etc/.ldapcache # SASL mechanism for PAM authentication - use is experimental # at present and does not support password policy control #pam_sasl_mech DIGEST-MD5 (END)

...for syntax #tls_ciphers TLSv1 # Client certificate and key # Use these, if your server requires client authentication. #tls_cert #tls_key # Disable SASL security layers. This is needed for AD. #sasl_secprops maxssf=0 # Override the default Kerberos ticket cache location. #krb5_ccname FILE:/etc/.ldapcache # SASL mechanism for PAM authentication - use is experimental # at present and does not support password policy control #pam_sasl_mech DIGEST-MD5 ssl no #tls_cacertdir /etc/openldap/cacerts pam_password md5 tls_cacertdir /etc/openldap/cacerts #debug 256 #logdir /data/logs ========================...