Hey,
I'm struggling a bit with my sssd configuration. We want to use local accounts (users
and groups), and for authentication the LDAP from the Windows AD should be used. My
current configuration throws some errors that I can't understand.
---------- sssd.conf ------------
[sssd]
config_file_version = 2
services = pam, nss
domains = testad
[nss]
[pam]
[domain/testad]
id_provider = proxy
proxy_lib_name = files
auth_provider = ldap
ldap_schema = AD
ldap_default_bind_dn = cn=administrator,cn=users,dc=example,dc=com
ldap_default_authtok=XXXXXXXXXXXX
ldap_uri = ldaps://192.168.122.222:3269/
ldap_search_base = dc=example,dc=com
ldap_tls_reqcert = allow
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
----------- sssd_testad.log ---------------------
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [dc=example,dc=com]
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=testnutzer1)(objectclass=user))][dc=example,dc=com].
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [sdap_get_generic_op_finished] (0x0400): Search result: Operations error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [sdap_get_generic_op_finished] (0x0040): Unexpected result from ldap: Operations error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [5]: Eingabe-/Ausgabefehler
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [get_user_dn_done] (0x0040): Failed to retrieve users
Every tip is welcome; I'm not sure if it is possible to use this combination of id /
auth provider.
Best regards
Michael Wandel