On 08/21/2013 12:24 PM, John Uhlig wrote:
I have been trying to resolve this problem for a couple weeks and
tried hundreds of iterations without success. I will try to be
brief and concise.
(1) I have a centos 6.4 openldap-2.4.35 server configured for ssh
authentication with a test account "localjoe".
dn:uid=localjoe,ou=internal,dc=example,dc=com
objectClass:top
objectClass:person
objectClass:organizationalPerson
objectClass:inetOrgPerson
objectClass:posixAccount
cn:CN=localjoe,ou=internal,dc=example,dc=com
sn:localjoe
userPassword:{MD5}KRVE5i0tSdtSdBLzZ6h3VnR4dk4
description:posix acct
ou:internal
uid:localjoe
uidNumber:103418
gidNumber:100
loginShell:/bin/bash
homeDirectory:/tmp
(2) I have an ubuntu ldap client system (zander) and can ssh
localjoe@zander successfully.
(3) I have a centos 6.4 sssd ldap client system (argot) and cannot
ssh localjoe@argot.
(4) The client (argos) /var/log/secure reports:
------------------------------------------------------------
Aug 21 07:56:39 argot sshd[9640]: pam_succeed_if(sshd:auth): error retrieving information about user localjoe
Aug 21 07:56:41 argot sshd[9640]: Failed password for invalid user localjoe from XX.XX.XX.XX port 50380 ssh2
Aug 21 07:56:44 argot sshd[9641]: Connection closed by XX.XX.XX.XX
Aug 21 07:59:47 argot sshd[9688]: Invalid user localjoe from XX.XX.XX.XX
Aug 21 07:59:47 argot sshd[9689]: input_userauth_request: invalid user localjoe
Aug 21 07:59:51 argot sshd[9688]: pam_unix(sshd:auth): check pass; user unknown
Aug 21 07:59:51 argot sshd[9688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=argot
(5) The client (argos) sssd log file reports:
-------------------------------------------------------
(Wed Aug 21 08:27:45 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
(6) "getent passwd" works with nslcd daemon running but "getent
--s sss passwd" does not work.
(7) ldapsearch (as per example from this mail list) works ok:
--------------------------------------------------------------------------------
[root@argot security]# ldapsearch -x -LLL '(&(uid=localjoe)(objectClass=posixAccount))' uidnumber homedirectory gidnumber loginshell
dn: uid=localjoe,ou=internal,dc=example,dc=com
uidNumber: 103418
gidNumber: 100
loginShell: /bin/bash
homeDirectory: /tmp
I wonder if anyone has heard of similar problems with centos 6.4
sssd ldap client and might have a suggestion.

It would be very helpful if you could include your sssd.conf. I
strongly suspect that you have a typo in your configuration somewhere.
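
An added example, not part of the original thread: a small Python triage script that sorts the sshd/PAM lines quoted above by failure stage. It shows that localjoe fails at account lookup (NSS) rather than at password checking, which is consistent with "getent --s sss passwd" returning nothing. The "otheruser" line, the stage names and the function names are constructed for illustration.

```python
import re

# /var/log/secure lines quoted in the message above, plus one constructed
# line (hypothetical user "otheruser") showing a plain wrong-password failure.
SAMPLE = """\
Aug 21 07:56:39 argot sshd[9640]: pam_succeed_if(sshd:auth): error retrieving information about user localjoe
Aug 21 07:56:41 argot sshd[9640]: Failed password for invalid user localjoe from XX.XX.XX.XX port 50380 ssh2
Aug 21 07:56:44 argot sshd[9641]: Connection closed by XX.XX.XX.XX
Aug 21 07:59:47 argot sshd[9688]: Invalid user localjoe from XX.XX.XX.XX
Aug 21 07:59:47 argot sshd[9689]: input_userauth_request: invalid user localjoe
Aug 21 07:59:51 argot sshd[9688]: pam_unix(sshd:auth): check pass; user unknown
Aug 21 08:01:02 argot sshd[9700]: Failed password for otheruser from XX.XX.XX.XX port 50381 ssh2
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ sshd\[\d+\]: (?P<msg>.*)$")
# Logged when the account cannot be resolved through NSS (no passwd entry).
LOOKUP_FAILURE = [
    re.compile(r"[Ii]nvalid user (?P<user>\S+)"),
    re.compile(r"error retrieving information about user (?P<user>\S+)"),
    re.compile(r"check pass; user unknown"),  # pam_unix: carries no user name
]
# Logged when the account resolved but the password was rejected.
BAD_PASSWORD = re.compile(r"Failed password for (?!invalid user )(?P<user>\S+) from")

def classify(log_text):
    """Count sshd/PAM failures per user, split by failure stage."""
    counts = {"lookup_failure": {}, "bad_password": {}}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        hit = BAD_PASSWORD.search(msg)
        if hit:
            stage, user = "bad_password", hit.group("user")
        else:
            hit = next((h for h in (p.search(msg) for p in LOOKUP_FAILURE) if h), None)
            if not hit:
                continue
            stage, user = "lookup_failure", hit.groupdict().get("user") or "(unnamed)"
        counts[stage][user] = counts[stage].get(user, 0) + 1
    return counts

def failing_stage(user, counts):
    """Where to look first for this user: NSS lookup or credentials."""
    for stage in ("lookup_failure", "bad_password"):
        if counts[stage].get(user):
            return stage
    return "none"
```

A "lookup_failure" result points at the NSS/sssd identity configuration on the client, not at the stored password.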