On Tue, Nov 08, 2016 at 09:15:43AM +0100, Michael Wandel wrote:
Hey,
I want to setup the following scenario.
- the nss will be used from the local source (/etc/passwd, /etc/group)
- the pam authentication will come from ldap that will exist on an
Windows AD server
the OS is an centos 7.2.
Please see my reply to your mail from yesterday
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
bye,
Sumit
>
> the actual test setup gives me some errors that i did not understand
>
> ------------ sssd.conf ----------------
> [sssd]
> config_file_version = 2
> services = pam, nss
> domains = testad
>
> [nss]
>
> [pam]
>
> [domain/testad]
> id_provider = proxy
> proxy_lib_name = files
> auth_provider = ldap
> ldap_schema = AD
> ldap_default_bind_dn = cn=administrator,cn=users,dc=example,dc=com
> ldap_default_authtok=XXXXXXXXXXXX
> ldap_uri = ldaps://192.168.122.222:3269/
> ldap_search_base = dc=example,dc=com
> ldap_tls_reqcert = allow
> ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
>
> -------- sssd_testad.log -----------------------------
>
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [set_server_common_status]
> (0x0100): Marking server '192.168.122.222' as 'working'
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [fo_set_port_status]
> (0x0400): Marking port 3269 of duplicate server '192.168.122.222' as
> 'working'
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]]
> [sdap_search_user_next_base] (0x0400): Searching for users with base
> [dc=example,dc=com]
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(sAMAccountName=testnutzer1)(objectclass=user))][dc=example,dc=com].
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Operations
> error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform
> this operation a successful bind must be completed on the connection.,
> data 0, v1db1
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]]
> [sdap_get_generic_op_finished] (0x0040): Unexpected result from ldap:
> Operations error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order
> to perform this operation a successful bind must be completed on the
> connection., data 0, v1db1
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]]
> [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed
> [5]: Eingabe-/Ausgabefehler
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [get_user_dn_done]
> (0x0040): Failed to retrieve users
> (Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [be_pam_handler_callback]
> (0x0100): Backend returned: (3, 4, <NULL>) [Internal Error (Systemfehler)]
>
> it will be great if somebody can say, if it is a structural problem or a
> misconfiguration.
>
> any helpful tip would be appreciated.
>
> best regards
>
> Michael
>
> m.wandel(a)t-online.de
>
>
>
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org