On 2020-01-21 13:14, Prentice Bisbal wrote:
It looks like Kerberos itself is working, but slapd is not getting a valid TGT when starting up. Could it be something wrong with the way slad is starting?
How slapd gets started really depends on the OS. I use Debian and setting the ticket cache pointer is done in /etc/default/slapd. The ticket cache must be maintained by an external process. We use k5start for that.
Oh, and I forgot. If you are using Ubuntu apparmor is enable by default. You might what to put it in complain mode to figure out what is going on.
aa-complain /usr/sbin/slapd
apparmor by default is coming to debian as well in the next release I believe.
Bill