Hi all.
Just installed Fedora and I am trying to set up authentication with our LDAP server. I followed the convenient authentication installation instructions (I am using TLS / no SASL). Unfortunately authentication was not working, so I decided to see if I could first get nsswitch going and found out about your sssd daemon. Anyway, here are the pertinent lines from nsswitch.conf:
    passwd: files sss
    shadow: files sss
    group: files sss
The command getent passwd cochran did not work until I tweaked the sssd.conf file (sort of guessing here); here are the tweaks:
    domains = LDAP
    #domains = LOCAL,LDAP

    [domain/LDAP]
    id_provider = ldap
    auth_provider = ldap
    ldap_uri = ldap://encs-nexus.vancouver.wsu.edu
    ldap_user_search_base = dc=encs,dc=vancouver,dc=wsu,dc=edu
    ldap_tls_reqcert = demand
    cache_credentials = true
    enumerate = true
Now the following works (it gets the correct info from LDAP):
    getent passwd cochran
    cochran:*:10001:10099::/home/cochran:/bin/bash
but alas the command getent group faculty does *not* work
Running sssd in debug mode (/usr/sbin/sssd -i -d 5) reveals the following:
    (Thu Aug 5 09:41:49 2010) [sssd[nss]] [accept_fd_handler] (4): Client connected!
    (Thu Aug 5 09:41:49 2010) [sssd[nss]] [sss_cmd_get_version] (5): Received client version [1].
    (Thu Aug 5 09:41:49 2010) [sssd[nss]] [sss_cmd_get_version] (5): Offered version [1].
    (Thu Aug 5 09:41:49 2010) [sssd[nss]] [nss_cmd_getgrnam] (4): Requesting info for [faculty] from [<ALL>]
    (Thu Aug 5 09:41:49 2010) [sssd[nss]] [nss_cmd_getgrnam] (4): Requesting info for [faculty@LDAP]
    (Thu Aug 5 09:41:49 2010) [sssd[nss]] [sss_dp_send_acct_req_create] (4): Sending request for [LDAP][4098][1][name=faculty]
    (Thu Aug 5 09:41:49 2010) [sssd[be[LDAP]]] [be_get_account_info] (4): Got request for [4098][1][name=faculty]
    (Thu Aug 5 09:41:49 2010) [sssd[be[LDAP]]] [groups_get_delete] (2): Group (faculty) delete returned 2 (No such file or directory)
    (Thu Aug 5 09:41:49 2010) [sssd[be[LDAP]]] [acctinfo_callback] (4): Request processed. Returned 0,0,Success
    (Thu Aug 5 09:41:49 2010) [sssd[nss]] [sss_dp_get_reply] (4): Got reply (0, 0, Success) from Data Provider
    (Thu Aug 5 09:41:49 2010) [sssd[nss]] [nss_cmd_getgrnam_callback] (2): No matching domain found for [faculty], fail!
    (Thu Aug 5 09:41:49 2010) [sssd[nss]] [nss_cmd_getgrnam_callback] (2): No results for getgrnam call
    (Thu Aug 5 09:41:49 2010) [sssd[nss]] [client_recv] (5): Client disconnected!
I have no clue what to change now. Any help would be greatly appreciated. I am not a hard core sysadmin (budget cuts have me setting this up myself).
--w
Wayne O. Cochran
Assistant Professor Computer Science
wcochran@vancouver.wsu.edu
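
Added example, not part of the original message: a small parser for sssd debug output in the format quoted above, which splits run-on pasted logs back into records and lists the low-numbered-level messages together with the process (NSS responder or domain back end) that logged them. The names `parse` and `low_level` and the threshold of 2 are assumptions made for this example; the threshold simply matches the level at which the failure messages in the excerpt appear.

```python
import re

# Constructed sample: four records in the format of the debug output above,
# joined onto one line the way pasted logs are often flattened in mail.
SAMPLE = (
    "(Thu Aug 5 09:41:49 2010) [sssd[nss]] [nss_cmd_getgrnam] (4): "
    "Requesting info for [faculty@LDAP] "
    "(Thu Aug 5 09:41:49 2010) [sssd[be[LDAP]]] [groups_get_delete] (2): "
    "Group (faculty) delete returned 2 (No such file or directory) "
    "(Thu Aug 5 09:41:49 2010) [sssd[be[LDAP]]] [acctinfo_callback] (4): "
    "Request processed. Returned 0,0,Success "
    "(Thu Aug 5 09:41:49 2010) [sssd[nss]] [nss_cmd_getgrnam_callback] (2): "
    "No results for getgrnam call"
)

# A record starts at "(<weekday> "; parentheses inside messages never match this.
RECORD_START = re.compile(r"\s+(?=\((?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) )")
RECORD = re.compile(
    r"^\((?P<ts>[^)]+)\)\s+"    # (Thu Aug 5 09:41:49 2010)
    r"\[(?P<proc>\S+)\]\s+"     # [sssd[nss]] or [sssd[be[LDAP]]] (nested brackets)
    r"\[(?P<func>\w+)\]\s+"     # [nss_cmd_getgrnam]
    r"\((?P<level>\d+)\):\s*"   # (4):
    r"(?P<msg>.*)$",
    re.S,
)

def parse(text):
    """Split flattened or multi-line debug output into one dict per record."""
    records = []
    for chunk in RECORD_START.split(text.strip()):
        m = RECORD.match(chunk.strip())
        if m:  # skip anything that is not a debug record
            rec = m.groupdict()
            rec["level"] = int(rec["level"])
            records.append(rec)
    return records

def low_level(records, threshold=2):
    """Return (process, function, message) for records at or below threshold."""
    return [(r["proc"], r["func"], r["msg"])
            for r in records if r["level"] <= threshold]

if __name__ == "__main__":
    for proc, func, msg in low_level(parse(SAMPLE)):
        print(f"{proc:16} {func:28} {msg}")
```

Run against the full log, the output separates what the LDAP back end reported from what the NSS responder concluded, which is the distinction that matters when a lookup returns "Success" from the provider but no result to the client.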