I am no expert in LDAP, I have attached my system-auth file. It may help you as it is working with my 389 server.<div><br></div><div>For SSSD setup <a href="http://www.couyon.net/1/post/2012/04/enabling-ldap-usergroup-support-and-authentication-in-centos-6.html" style="color:rgb(75,169,118);font-family:'Helvetica Neue Light',HelveticaNeue-Light,'Helvetica Neue',Helvetica,Arial,sans-serif;outline:none;text-decoration:none;display:inline;line-height:19px;background-color:rgb(255,255,255)">http://www.couyon.net/1/post/2012/04/enabling-ldap-usergroup-support-and-authentication-in-centos-6.html</a> could help you.</div>
<div><br></div><div><div><br></div><div><div>Thanks</div><div>Chandan</div><div><br>On Wednesday, January 9, 2013, Doug Tucker wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I still can't seem to figure out how to import my groups to 389 from openldap, but the users transferred fine. However moving forward, I created a group manually in 389 and added my username to the group. Now from my client, if I do: id tuckerd, i get the results I'm looking for:<br>
<br>
# id tuckerd<br>
uid=4011(tuckerd) gid=500(seasadm) groups=500(seasadm)<br>
<br>
However, attempts to log in at the console with tuckerd it fails authentication. On this clients in secure.log I get this:<br>
<br>
<br>
Jan 9 13:06:18 asteriskvm sshd[4546]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.76.1 user=tuckerd<br>
Jan 9 13:06:18 asteriskvm sshd[4546]: pam_sss(sshd:auth): received for user tuckerd: 4 (System error)<br>
Jan 9 13:06:19 asteriskvm sshd[4546]: Failed password for tuckerd from 172.16.76.1 port 57093 ssh2<br>
Jan 9 13:06:33 asteriskvm sshd[4546]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.76.1 user=tuckerd<br>
Jan 9 13:06:33 asteriskvm sshd[4546]: pam_sss(sshd:auth): received for user tuckerd: 9 (Authentication service cannot retrieve authentication info)<br>
Jan 9 13:06:35 asteriskvm sshd[4546]: Failed password for tuckerd from 172.16.76.1 port 57093 ssh2<br>
Jan 9 13:06:36 asteriskvm sshd[4547]: Connection closed by 172.16.76.1<br>
Jan 9 13:06:36 asteriskvm sshd[4546]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.76.1 user=tuckerd<br>
<br>
I have changed the password in 389 for tuckerd and am confident it is being typed correctly.<br>
<br>
[09/Jan/2013:13:10:48 -0600] conn=2458 fd=64 slot=64 connection from 129.119.103.59 to 129.119.113.231<br>
[09/Jan/2013:13:10:48 -0600] conn=2458 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms defaultnamingcontext lastusn highestcommittedusn aci"<br>
[09/Jan/2013:13:10:48 -0600] conn=2458 op=0 RESULT err=0 tag=101 nentries=1 etime=0<br>
[09/Jan/2013:13:10:48 -0600] conn=2458 op=1 BIND dn="" method=128 version=3<br>
[09/Jan/2013:13:10:48 -0600] conn=2458 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""<br>
[09/Jan/2013:13:10:48 -0600] conn=2458 op=2 SRCH base="dc=engr,dc=smu,dc=edu" scope=2 filter="(&(uid=tuckerd)(<u></u>objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbprincipalname cn modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krblastpwdchange krbpasswordexpiration pwdAttribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap"<br>
[09/Jan/2013:13:10:48 -0600] conn=2458 op=2 RESULT err=0 tag=101 nentries=1 etime=0<br>
[09/Jan/2013:13:10:48 -0600] conn=2458 op=3 SRCH base="dc=engr,dc=smu,dc=edu" scope=2 filter="(&(memberUid=tuckerd)(<u></u>objectClass=posixGroup)(cn=*)(<u></u>&(gidNumber=*)(!(gidNumber=0))<u></u>))" attrs="objectClass cn userPassword gidNumber memberUid modifyTimestamp modifyTimestamp"<br>
[09/Jan/2013:13:10:48 -0600] conn=2458 op=3 RESULT err=0 tag=101 nentries=1 etime=0 notes=U,P<br>
[09/Jan/2013:13:10:48 -0600] conn=2459 fd=65 slot=65 connection from 129.119.103.59 to 129.119.113.231<br>
[09/Jan/2013:13:10:48 -0600] conn=2459 op=0 EXT oid="1.3.6.1.4.1.1466.20037"<br>
[09/Jan/2013:13:10:48 -0600] conn=2459 op=0 RESULT err=2 tag=120 nentries=0 etime=0<br>
[09/Jan/2013:13:10:48 -0600] conn=2459 op=-1 fd=65 closed error 34 (Numerical result out of range) - B2<br>
<br>
Which has to be the most cryptic error logging I've ever seen :). Can anyone help me make sense of this and what it means?<br>
<br>
-- <br>
Sincerely,<br>
<br>
Doug Tucker<br>
<br>
--<br>
389 users mailing list<br>
<a>389-users@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.<u></u>org/mailman/listinfo/389-users</a></blockquote></div></div>
</div><br><br>-- <br><br><div>--</div><div><a href="http://about.me/chandank" target="_blank">http://about.me/chandank</a><br></div><br>