Hi, I am having a problem with a new dirsrv setup, getting a linux client to authenticate with LDAP. I have done all the usual things to troubleshoot, if anyone has seen this or knows what can be done I would sure appreciate any help. Here's what i'm noticing:
- I need to have the bind_dn of Directory Manager specified to lookup almost anything in LDAP, not sure why this is?
- sssd can find a sample user I created but still there seems to be a problem, it looks like PAM but I did use authselect to use the sss profile:
$ ldapsearch -x -LLL -D "cn=Directory Manager" -W -b ou=people,o=solarflow -H ldap://dev2.local '(uid=john)' cn gidNumber userPassword
Enter LDAP Password:
dn: uid=john,ou=people,o=solarflow
cn: John Smith
gidNumber: 10001
userPassword:: e1BCS0RGMixxxxxxx...xxx==
Enter LDAP Password:
dn: uid=john,ou=people,o=solarflow
cn: John Smith
gidNumber: 10001
userPassword:: e1BCS0RGMixxxxxxx...xxx==
$ sssctl domain-status ldap
Online status: Online
Active servers:
LDAP: dev2.local
Discovered LDAP servers:
- dev2.local
Online status: Online
Active servers:
LDAP: dev2.local
Discovered LDAP servers:
- dev2.local
localhost ~ $ sssctl user-checks john
user: john
action: acct
service: system-auth
sss_getpwnam_r failed with [0].
User name lookup with [john] failed.
SSSD InfoPipe user lookup result:
- name: john
- uidNumber: 10001
- gidNumber: 10001
- gecos: John Smith
- homeDirectory: /home/john
- loginShell: /bin/bash
testing pam_acct_mgmt
pam_acct_mgmt: User not known to the underlying authentication module
PAM Environment:
- no env -
user: john
action: acct
service: system-auth
sss_getpwnam_r failed with [0].
User name lookup with [john] failed.
SSSD InfoPipe user lookup result:
- name: john
- uidNumber: 10001
- gidNumber: 10001
- gecos: John Smith
- homeDirectory: /home/john
- loginShell: /bin/bash
testing pam_acct_mgmt
pam_acct_mgmt: User not known to the underlying authentication module
PAM Environment:
- no env -
localhost ~ $ getent passwd john
localhost ~ $ id john
id: 'john': no such user
$ authselect current
Profile ID: sssd
Enabled features:
- with-mkhomedir
- with-pamaccess
- with-sudo
Profile ID: sssd
Enabled features:
- with-mkhomedir
- with-pamaccess
- with-sudo
Here is my sssd.conf:
[sssd]
config_file_version = 2
domains = LDAP
#services=pam
debug_level = 6
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
#chpass_provider = ldap
ldap_uri = ldap://dev2.local
ldap_search_base = o=solarflow
ldap_default_bind_dn = cn=Directory Manager
ldap_default_authtok = my_secret_password
cache_credentials = True
debug_level = 6
config_file_version = 2
domains = LDAP
#services=pam
debug_level = 6
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
#chpass_provider = ldap
ldap_uri = ldap://dev2.local
ldap_search_base = o=solarflow
ldap_default_bind_dn = cn=Directory Manager
ldap_default_authtok = my_secret_password
cache_credentials = True
debug_level = 6
No comments:
Post a Comment