On 06/22/2016 10:28 AM, Dieter Klünter wrote:
On Tue, 21 Jun 2016 11:55:35 +0300, l@avc.su wrote:
Hi Mark.
Thank you, looks like the problem is not related to the OpenLDAP package. I've tried to get a service ticket for ldap/dc.contoso.com@CONTOSO.COM, but to no avail:
[...]
As I mentioned in my first post, Linux kerberized clients require a host principal and a service principal. Read the Microsoft docs on Kerberos services for Unix.
You do not need a kerberized Linux client for performing a kerberized ldapsearch command in this scenario. No host principal or any other service principals for the Linux systems are required to do this. The ldapsearch command fails to retrieve the LDAP service ticket for the RODC.
- Mark