On (30/01/16 16:01), Marcelo Coelho wrote:
Hi all,
I've been struggling to set up a centralized authentication system for quite
some time. It is composed of:
- openldap 2.4.43, with TLS self-signed certs (root chain is ok): ldaps://serv;
- pam 1.2.1; pambase 20150213;
- sssd 1.13.1;
- openssh 7.1.
Currently I'm trying to authenticate a LDAP user in the server that hosts
openldap.
ldapsearch -x shows me stuff correctly, with TLS working. If I try to
connect through the command-line, the logs show sssd getting stuff from
openldap with success. But, login fails:
<log>
login[xxxx]: pam_sss(login:auth): authentication success; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=user_a
login[xxxx]: FAILED LOGIN (1) on '/dev/tty1' FOR 'UNKNOWN', Authentication failure
</log>
Also, id user_a fails, getent passwd user_a fails. Have no idea what may be
wrong (if sssd, ldap DB, whatever).

Are you sure that getent passwd user_a failed?
Because there is "pam_sss(login:auth): authentication success"
and it could not pass without this.
If it really does not work then I will recommend following
https://fedorahosted.org/sssd/wiki/Troubleshooting
LS