On 10/26/2013 06:36 AM, Roberts Klotiņš wrote:
The last thought that occurred was to run authconfig --test. Authconfig apparently is the command used by various frontends so I thought output from it could point to the problem

I wish the output would have made more  sense to me - it does not quite indicate which files the answers come from.

$ sudo authconfig --test
caching is enabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
 hesiod LHS = ""
 hesiod RHS = ""
nss_ldap is disabled
 LDAP+TLS is disabled
 LDAP server = "ldap://SRV1.people.local"
 LDAP base DN = "dc=people,dc=local"
nss_nis is disabled
 NIS server = ""
 NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
 SMB workgroup = "PEOPLE"
 SMB servers = "SRV1.PEOPLE.LOCAL"
 SMB security = "ads"
 SMB realm = "PEOPLE.LOCAL"
 Winbind template shell = "/bin/false"
 SMB idmap range = "16777216-33554431"
nss_sss is enabled by default
nss_wins is disabled
nss_mdns4_minimal is disabled
DNS preference over NSS or WINS is disabled
pam_unix is always enabled
 shadow passwords are enabled
 password hashing algorithm is sha512
pam_krb5 is disabled
 krb5 realm = ""
 krb5 realm via dns is disabled
 krb5 kdc = ""
 krb5 kdc via dns is disabled
 krb5 admin server = ""
pam_ldap is disabled
 LDAP+TLS is disabled
 LDAP server = "ldap://SRV1.people.local"
 LDAP base DN = "dc=people,dc=local"
 LDAP schema = "rfc2307"
pam_pkcs11 is disabled
 use only smartcard for login is disabled
 smartcard module = "coolkey"
 smartcard removal action = "Ignore"
pam_fprintd is disabled
pam_ecryptfs is disabled
pam_winbind is disabled
 SMB workgroup = "PEOPLE"
 SMB servers = "SRV1.PEOPLE.LOCAL"
 SMB security = "ads"
 SMB realm = "PEOPLE.LOCAL"
pam_sss is enabled by default
 credential caching in SSSD is enabled
 SSSD use instead of legacy services if possible is enabled
IPAv2 is disabled
IPAv2 domain was not joined
 IPAv2 server = ""
 IPAv2 realm = ""
 IPAv2 domain = ""
pam_pwquality is enabled (try_first_pass retry=3 authtok_type=)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir or pam_oddjob_mkhomedir is enabled ()
Always authorize local users is enabled ()
Authenticate system accounts against network services is disabled
$

Thanks for looking at this,

Roberts


--
==
Roberts Klotins




On 25 October 2013 13:00, <sssd-users-request@lists.fedorahosted.org> wrote:
Send sssd-users mailing list submissions to
        sssd-users@lists.fedorahosted.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.fedorahosted.org/mailman/listinfo/sssd-users
or, via email, send a message with subject or body 'help' to
        sssd-users-request@lists.fedorahosted.org

You can reach the person managing the list at
        sssd-users-owner@lists.fedorahosted.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of sssd-users digest..."


Today's Topics:

   1. Re:  sssd-users Digest, Vol 18, Issue 25 (Jakub Hrozek)
   2.  sssd - GDM login (Roberts Klotiņš)


----------------------------------------------------------------------

Message: 1
Date: Fri, 25 Oct 2013 10:02:15 +0200
From: Jakub Hrozek <jhrozek@redhat.com>
To: sssd-users@lists.fedorahosted.org
Subject: Re: [SSSD-users] sssd-users Digest, Vol 18, Issue 25
Message-ID: <20131025080215.GC7624@hendrix.brq.redhat.com>
Content-Type: text/plain; charset=utf-8

On Fri, Oct 25, 2013 at 09:58:48AM +0200, Jakub Hrozek wrote:
> On Fri, Oct 25, 2013 at 02:25:04AM +0100, Roberts Klotiņš wrote:
> > Hi again, still trying to understand how to make the setup to work.
> >
> > As the very last thing I thought to check into /etc/sysconfig/authconfig.
> > What I found was that usekerberos and useldap were set to no. Maybe they
> > (or at least kerberos) need to be set to yes?
> >
>
> Did you have a chance to gather the debug logs I asked about earlier?

Ah, sorry, it was stuck in moderation. I let that e-mail through.


------------------------------

Message: 2
Date: Fri, 25 Oct 2013 09:47:27 +0100
From: Roberts Klotiņš <roberts.klotins@gmail.com>
To: sssd-users@lists.fedorahosted.org
Subject: [SSSD-users] sssd - GDM login
Message-ID:
        <CALr2nHsBoDisjrDoTrMX7uNBJTwrBDvsUAeQQbR=8pFDHxRUrw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi,

I did send them to the list, but at debug level 7 sssd_PEOPLE.log file they
were about 15s KB in total and I sent them as an attachment. I was told to
await till the post is approved by moderator because size over 40KB.

I now put this same file edited for usernames and more descriptive host
names on

http://pastebin.com/ZRkmMgi6

sssd_PEOPLE.log was 15 KB
krb5_child.log was empty - 0 bytes.

With thanks,

Roberts
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.fedorahosted.org/pipermail/sssd-users/attachments/20131025/793bc202/attachment-0001.html>

------------------------------

_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users


End of sssd-users Digest, Vol 18, Issue 29
******************************************



--
==
Roberts Klotins



_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users


Data comes from nsswitch.conf and pam.conf and specific pam configurations.
What is says is that SSSD is configured for authentication and identity lookups but that your SSSD is not configured to use IPA.
This is as much as I can see from the output.


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/