Error No matching domain found for 5001 in sssd_nss.log
John Nissley
jnissley at nissley.org
Sun Jul 11 05:08:23 UTC 2010
I will admit that getting Fedora 13 to authenticate against my dirsrv
ldap server has been an interesting experience. I still do not think I
have it right since getent passwd does not display the ldap users but
for some reason I am able to log in with my ldap user name and password
and the home directory mapping is pulled out of ldap.
This error is in my sssd_nss.log file after reboot when I try to log in.
[sssd[nss]] [nss_cmd_getgrgid_callback] (0): No matching domain found for [5001], fail!
The interesting thing is that the uid for the user trying to
authenticate is 5001 so that must be coming back from the ldap server.
Here is what matters in my nsswitch.conf file.
passwd: files sss
shadow: files sss
group: files sss
If I change that to files ldap then getent passwd will return my ldap
users but then initial boot takes about 10 minutes since the computer
tries to contact the ldap server during boot up before the ethernet card
has been brought up.
Here is what matters from my sssd.conf file.
[domain/xxxxxxx] (where xxxxxxx is the domain in ldap)
ldap_id_use_start_tls = True
cache_credentials = True
debug_level = 0
ldap_search_base = dc=nissley,dc=org
chpass_provider = ldap
id_provider = ldap
auth_provider = ldap
cache_credentials = True
min_id = 100
ldap_uri = ldap://192.168.10.7
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_reqcert = allow
I do have an issue with a self signed certificate so that is why I am
using the ldap_tls_reqcert = allow setting.
Can someone please help me straighten out the network login via ldap
problem I am having? I was doing the same network login to the same
ldap server with Fedora 12 and had no issues at all. Fedora 13 requires
tls or ldaps which is where my problems started. I was not using either
of them when using Fedora 12.
Thank you.
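
Added example, not part of the original post: a small audit of the TLS-related options shown in the sssd.conf above, flagging an `ldap_tls_reqcert` value that lets a session continue without a verified server certificate and an `ldap://` URI used without StartTLS for identity lookups. The function name, the sample configurations, the domain name `example`, the host `ldap.example.org` and the CA file name are assumptions made for the illustration.

```python
import configparser

# Per sssd-ldap(5): "never" and "allow" proceed even with a bad server
# certificate; "try" still proceeds when no certificate is offered.
WEAK_REQCERT = {"never", "allow", "try"}

def audit_sssd_ldap_tls(conf_text):
    """Return (section, finding) tuples for LDAP domains with weak TLS settings."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        if not name.startswith("domain/") or sec.get("id_provider") != "ldap":
            continue
        # The documented default is "hard" (same as "demand").
        reqcert = sec.get("ldap_tls_reqcert", fallback="hard").strip().lower()
        if reqcert in WEAK_REQCERT:
            findings.append((name, f"ldap_tls_reqcert = {reqcert}: server certificate not strictly verified"))
        # Assumption of this example: treated as off when absent (the default is version-dependent).
        start_tls = sec.get("ldap_id_use_start_tls", fallback="false").strip().lower() == "true"
        for uri in sec.get("ldap_uri", fallback="").split(","):
            uri = uri.strip()
            if uri.lower().startswith("ldap://") and not start_tls:
                findings.append((name, f"{uri}: identity lookups not protected by StartTLS"))
    return findings

# Constructed sample: same TLS-related settings as the post, placeholder names.
SAMPLE_AS_POSTED = """\
[domain/example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.org
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_reqcert = allow
"""

# Constructed sample: the self-signed CA is trusted explicitly instead
# (the certificate file name is a placeholder).
SAMPLE_STRICT = SAMPLE_AS_POSTED.replace(
    "ldap_tls_reqcert = allow",
    "ldap_tls_cacert = /etc/openldap/cacerts/ca.pem\nldap_tls_reqcert = demand")

if __name__ == "__main__":
    for label, text in (("as posted", SAMPLE_AS_POSTED), ("strict", SAMPLE_STRICT)):
        print(label, audit_sssd_ldap_tls(text))
```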