<div dir="ltr">Hi Bellow is my sssd.conf<div><br></div><div>with bellow setting, user cant login. </div><div>but if i remove ldap_access_filter , then all user can access</div><div><br></div><div>What i am doing wrong... </div>
<div>i just want user from "techops" group to access this server..</div><div><br></div><div><br></div><div>any help will be really grateful .<br clear="all"><div><br></div><div>[sssd]</div><div>config_file_version = 2</div>
<div>services = nss, pam</div><div>domains = LDAP</div><div><br></div><div>[nss]</div><div>filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd</div><div><br></div><div>[pam]</div><div><br></div><div>[domain/LDAP]</div>
<div>id_provider = ldap</div><div>auth_provider = ldap</div><div>ldap_schema = rfc2307</div><div>ldap_uri = ldap://auth2.xxxxxx.lan/,ldap://auth1.xxxxxxxlan/</div><div>ldap_search_base = l=uk,dc=xxxx,dc=lan</div><div>ldap_tls_reqcert = demand</div>
<div>cache_credentials = true</div><div>enumerate = true</div><div>debug_level = 10</div><div>ldap_tls_cacertdir = /etc/openldap/xxx/</div><div>ldap_tls_cert = /etc/openldap/cacerts/CA-xxx.crt</div><div>access_provider = ldap</div>
<div>ldap_access_filter = memberUid=cn=techops,ou=groups,l=uk,dc=xxxx,dc=lan</div><div>#entry_cache_timeout = 600</div><div>#ldap_network_timeout = 3</div><div><br></div><div><br></div><div style>and the log i get from secure file</div>
<div style><br></div><div style><div>2013-05-28T22:13:02.782543+01:00 uk-xxxxx-1 sshd[4172]: pam_sss(sshd:auth): received for user mtest: 9 (Authentication service cannot retrieve authentication info)</div><div>2013-05-28T22:13:04.597478+01:00 uk-xxxx-1 sshd[4172]: Failed password for mtest from xxx.xx.xx.xx port 52664 ssh2</div>
<div><br></div><div><br></div><div style>Thanks</div><div style><br></div></div>
</div></div>