2:15 a.m.
Hey,
I want to setup the following scenario.
- the nss will be used from the local source (/etc/passwd, /etc/group)
- the pam authentication will come from ldap that will exist on an
Windows AD server
the OS is an centos 7.2.
the actual test setup gives me some errors that i did not understand
------------ sssd.conf ----------------
[sssd]
config_file_version = 2
services = pam, nss
domains = testad
[nss]
[pam]
[domain/testad]
id_provider = proxy
proxy_lib_name = files
auth_provider = ldap
ldap_schema = AD
ldap_default_bind_dn = cn=administrator,cn=users,dc=example,dc=com
ldap_default_authtok=XXXXXXXXXXXX
ldap_uri = ldaps://192.168.122.222:3269/
ldap_search_base = dc=example,dc=com
ldap_tls_reqcert = allow
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
-------- sssd_testad.log -----------------------------
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [set_server_common_status]
(0x0100): Marking server '192.168.122.222' as 'working'
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [fo_set_port_status]
(0x0400): Marking port 3269 of duplicate server '192.168.122.222' as
'working'
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]]
[sdap_search_user_next_base] (0x0400): Searching for users with base
[dc=example,dc=com]
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(sAMAccountName=testnutzer1)(objectclass=user))][dc=example,dc=com].
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Operations
error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform
this operation a successful bind must be completed on the connection.,
data 0, v1db1
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]]
[sdap_get_generic_op_finished] (0x0040): Unexpected result from ldap:
Operations error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order
to perform this operation a successful bind must be completed on the
connection., data 0, v1db1
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]]
[generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed
[5]: Eingabe-/Ausgabefehler
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [get_user_dn_done]
(0x0040): Failed to retrieve users
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [be_pam_handler_callback]
(0x0100): Backend returned: (3, 4, <NULL>) [Internal Error (Systemfehler)]
it will be great if somebody can say, if it is a structural problem or a
misconfiguration.
any helpful tip would be appreciated.
best regards
Michael
m.wandel(a)t-online.de
2:20 a.m.
On Tue, Nov 08, 2016 at 09:15:43AM +0100, Michael Wandel wrote:
Hey,
I want to setup the following scenario.
- the nss will be used from the local source (/etc/passwd, /etc/group)
- the pam authentication will come from ldap that will exist on an
Windows AD server
the OS is an centos 7.2.
Please see my reply to your mail from yesterday
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
bye,
Sumit
>
> the actual test setup gives me some errors that i did not understand
>
> ------------ sssd.conf ----------------
> [sssd]
> config_file_version = 2
> services = pam, nss
> domains = testad
>
> [nss]
>
> [pam]
>
> [domain/testad]
> id_provider = proxy
> proxy_lib_name = files
> auth_provider = ldap
> ldap_schema = AD
> ldap_default_bind_dn = cn=administrator,cn=users,dc=example,dc=com
> ldap_default_authtok=XXXXXXXXXXXX
> ldap_uri = ldaps://192.168.122.222:3269/
> ldap_search_base = dc=example,dc=com
> ldap_tls_reqcert = allow
> ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
>
> -------- sssd_testad.log -----------------------------
>
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [set_server_common_status]
> (0x0100): Marking server '192.168.122.222' as 'working'
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [fo_set_port_status]
> (0x0400): Marking port 3269 of duplicate server '192.168.122.222' as
> 'working'
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]]
> [sdap_search_user_next_base] (0x0400): Searching for users with base
> [dc=example,dc=com]
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(sAMAccountName=testnutzer1)(objectclass=user))][dc=example,dc=com].
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Operations
> error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform
> this operation a successful bind must be completed on the connection.,
> data 0, v1db1
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]]
> [sdap_get_generic_op_finished] (0x0040): Unexpected result from ldap:
> Operations error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order
> to perform this operation a successful bind must be completed on the
> connection., data 0, v1db1
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]]
> [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed
> [5]: Eingabe-/Ausgabefehler
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [get_user_dn_done]
> (0x0040): Failed to retrieve users
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [be_pam_handler_callback]
> (0x0100): Backend returned: (3, 4, <NULL>) [Internal Error (Systemfehler)]
>
> it will be great if somebody can say, if it is a structural problem or a
> misconfiguration.
>
> any helpful tip would be appreciated.
>
> best regards
>
> Michael
>
> m.wandel(a)t-online.de
>
>
>
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
2719
days inactive
2719
days old
sssd-users@lists.fedorahosted.org
1 comments
2 participants
participants (2)
-
Michael Wandel -
Sumit Bose