Hi list
I'm sure I have gaps in my understanding of how to use SSSD without using plain
binding-user credentials in the config file. I followed the guide for Win2008 although I
only have 2003 SFU - would that work?
- Do I see it right that GSSAPI should enable looking up stuff in the LDAP using a
machine account instead of the binding-user/passwd?
- Kerberos (which has the machine-auth-ticket) comes into play for LDAP, but this exceeds
the basic LDAP authentication (e.g. auth via Kerberos on the LDAP server)? Is this enough
to feed nsswitch (e.g. getent) or is an additional valid user/pass still required?
The trouble I'm having here is the ktpasswd.exe generated-key is always dated at
01/01/70 01:00:00 which I guess is also the reason why ldapsearch -Y GSSAPI and kinit
fail? 2003 behaviour?
The krb and ldap configuration works quite fine with bind-dn, just struggling with
SASL/GSSAPI.
Cheers
Josh
--
----
ASG at hnet