Active Directory, Kerberos, LDAP, PAM, and nsswitch
I'm curious as to why this is not behaving as expected......
I have an RHEL30 box that is configured so that all of it's AAA should be provided by AD.
Using nsswitch, I have configured LDAP to pull extended schema from AD for UIDs, GIDs, etc......and using getent passwd, I am able to see it perfectly.
However, I am attempting to use krb5 against AD for authentication, and for whatever reason, kerberos will not consult nsswitch to pull account info from LDAP. Therefore, it errors out unable to find the UID/GID username to consult against AD. Anyone done Kerberos with LDAP and nsswitch? If so, how to get kerb to consult LDAP for account info?
TIA?
|