Hi,<br><br>I'm trying to get the GDM login manager to work with sssd and LDAP authentication. So far one can log in with ssh, getent passwd shows all LDAP users and su - also works. But GDM says "Authentication failure". I searched Google for this but did not find anything useful, or only results for old Fedora releases or without the new fancy sssd. The kickstart "authconfig" command or the GUI "system-config-authentication" did not produce any config that worked. We are using Sun Directory Server.<br>
<br>I also noticed that there are a lot of places to configure the LDAP client: /etc/sssd/sssd.conf, /etc/openldap/ldap.conf, /etc/sysconfig/autofs. The packages pam_ldap and nss_ldap are missing on the Fedora 14 DVD. Also the autofs package is missing on the DVD.<br>
<br>How can one get the graphical login manager to work with LDAP authentication via sssd?<br><br>My config:<br><br><br>/etc/nsswitch.conf<br><br><div style="margin-left: 40px;">passwd: files sss<br>shadow: files sss<br>
group: files sss<br>
</div><br><br>/etc/sssd/sssd.conf<br><br><div style="margin-left: 40px;">[sssd]<br>config_file_version = 2<br>debug_level = 10<br>reconnection_retries = 3<br>sbus_timeout = 30<br>services = nss, pam<br>domains = LOCAL,LDAP<br>
<br>[nss]<br>filter_groups = root<br>filter_users = root<br>reconnection_retries = 3<br><br>[pam]<br>reconnection_retries = 3<br><br>[domain/LOCAL]<br>description = LOCAL Users domain<br>id_provider = local<br>enumerate = true<br>
min_id = 500<br>max_id = 999<br><br>[domain/LDAP]<br>id_provider = ldap<br>auth_provider = ldap<br>ldap_schema = rfc2307<br>ldap_uri = ldap://ldap.example.com<br>ldap_search_base = dc=example,dc=com<br>
ldap_default_bind_dn = cn=proxyagent,ou=special_users,dc=example,dc=com<br>ldap_default_authtok_type = password<br>ldap_default_authtok = mypassword<br>ldap_user_search_base = ou=people,dc=example,dc=com<br>ldap_group_search_base = ou=group,dc=example,dc=com<br>
ldap_tls_reqcert = never<br>cache_credentials = true<br>enumerate = true<br><br></div>/etc/pam.d/gdm<br><br><div style="margin-left: 40px;">auth [success=done ignore=ignore default=bad] pam_selinux_permit.so<br>auth required pam_succeed_if.so user != root quiet<br>
auth required pam_env.so<br>auth substack system-auth<br>auth optional pam_gnome_keyring.so<br>account required pam_nologin.so<br>account include system-auth<br>password include system-auth<br>
session required pam_selinux.so close<br>session required pam_loginuid.so<br>session optional pam_console.so<br>session required pam_selinux.so open<br>session optional pam_keyinit.so force revoke<br>
session required pam_namespace.so<br>session optional pam_gnome_keyring.so auto_start<br>session include system-auth<br></div><br>/etc/pam.d/gdm-password<br> <br><div style="margin-left: 40px;">auth [success=done ignore=ignore default=bad] pam_selinux_permit.so<br>
auth substack password-auth<br>auth required pam_succeed_if.so user != root quiet<br>auth optional pam_gnome_keyring.so<br><br>account required pam_nologin.so<br>account include password-auth<br>
<br>password include password-auth<br><br>session required pam_selinux.so close<br>session required pam_loginuid.so<br>session optional pam_console.so<br>session required pam_selinux.so open<br>
session optional pam_keyinit.so force revoke<br>session required pam_namespace.so<br>session optional pam_gnome_keyring.so auto_start<br>session include password-auth<br></div><br><br>