sssd and ldap config
Stephen Gallagher
sgallagh at redhat.com
Wed Jun 9 16:06:19 UTC 2010
On 06/09/2010 11:48 AM, Michael Cronenworth wrote:
> Nalin Dahyabhai wrote:
>> Setting nsswitch.conf to "ldap" doesn't test sssd -- the source for that
>> information should be listed as "sss" if you want to use sssd.
>
> A fresh F13 install defaults to "files sss", so it is implied I was
> using it.
>
>> The example sssd.conf doesn't look right to me -- the bits in there that
>> mention Kerberos-specific (krb5*) settings don't fit at all since the
>> auth_provider isn't set to Kerberos (krb5) and the client isn't being
>> told to use Kerberos to authenticate to the directory server. There
>> aren't any of the TLS-related settings that sssd-ldap(5) details in
>> there, either.
>
> I'm not using Kerberos. I have it set to use LDAP for all authentication.
>
>>
>> If that doesn't point you in the right direction, you might want to ask
>> on the sssd list.
>
> Looks like I'm headed that way. Thanks.
Michael, please post your [sanitized] sssd.conf somewhere. Right now, my
best guess would be that you are using LDAPS or LDAP+TLS and are having
a certificate error.
My second-best guess is that your users' UID or primary GID is < 1000,
which is ignored by SSSD by default. (We've decided upstream that we're
going to change this default to 1, as so many people have hit it).
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
More information about the users
mailing list