On 02/13/2014 03:44 AM, Sumit Bose wrote:
On Thu, Feb 13, 2014 at 09:19:43AM +0530, Ganesh Hariharan wrote:
> I configured the centos client with system-config-auth, essentially I need
> to login from terminal or over ssh with the username and credentials of my
> ldap server.... please help
The config looks basically ok, the krb5_* options are not needed for an
LDAP only setup, but should not do any harm either.
Can you be a bit more specific about the issues you are seeing? I assume
from the subject that you cannot log in. Does 'getent passwd your_user'
show the user entry for the user who tries to log in? If you user is not
show, have you checked if ldaps works as expected with the given
certificates?
Can you add 'debug_level = 0xFFF0' to the [domain/default], [nss] and
[pam] sections and send the log files in /var/log/sssd? Feel free to
send them to me directly if you think the logs will expose too many
information.
bye,
Sumit
Also check that SSSD is configured in the PAM and NSS stacks.
> and below is the configuration
> [domain/default]
>
> ldap_id_use_start_tls = True
> cache_credentials = True
> ldap_search_base = dc=sysopminds,dc=com
> krb5_realm =
EXAMPLE.COM
> krb5_server =
kerberos.example.com
> id_provider = ldap
> auth_provider = ldap
> chpass_provider = ldap
> ldap_uri = ldaps://10.0.0.6
> ldap_tls_cacertdir = /etc/openldap/cacerts
> [sssd]
> services = nss, pam
> config_file_version = 2
>
> domains = default
> [nss]
> [pam]
> [sudo]
> [autofs]
> [ssh]
> [pac]
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/