I'm trying to connect my server to an LDAP server. I get a correct answer when using the *id* and *ldapsearch* commands. However, I am still not able to log in with SSH.
I can see in the sssd_LDAP.log file that the server has received the request to log in with the user (myuser), but the request was rejected.
```
tail -f /var/log/sssd/sssd_LDAP.log
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_get_account_info] (0x0200): Got request for [0x1001][FAST BE_REQ_USER][1][name=omri_w]
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [get_server_status] (0x0100): Hostname resolution expired, resetting the server status of 'ldap21v.walla.co.il'
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [set_server_common_status] (0x0100): Marking server 'ldap21v.walla.co.il' as 'name not resolved'
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'ldap21v.walla.co.il' in files
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [set_server_common_status] (0x0100): Marking server 'ldap21v.walla.co.il' as 'resolving name'
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'ldap21v.walla.co.il' in files
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'ldap21v.walla.co.il' in DNS
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [set_server_common_status] (0x0100): Marking server 'ldap21v.walla.co.il' as 'name resolved'
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_resolve_server_process] (0x0200): Found address for server ldap21v.walla.co.il: [192.168.50.21] TTL 600
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [sdap_get_server_opts_from_rootdse] (0x0020): ldap_rootdse_last_usn configured but not found in rootdse!
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'ldap21v.walla.co.il' as 'working'
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [set_server_common_status] (0x0100): Marking server 'ldap21v.walla.co.il' as 'working'
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_get_account_info] (0x0200): Got request for [0x1003][FAST BE_REQ_INITGROUPS][1][name=myuser]
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [sdap_initgr_nested_send] (0x0100): User entry lacks original memberof ?
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_get_account_info] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][1][name=myuser]
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [sdap_initgr_nested_send] (0x0100): User entry lacks original memberof ?
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_pam_handler] (0x0100): Got request with the following data
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): domain: LDAP
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): user: myuser
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): service: sshd
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): tty: ssh
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): ruser:
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): rhost: 192.118.68.5
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): authtok type: 0
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): newauthtok type: 0
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): priv: 1
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): cli_pid: 2208
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [pam_print_data] (0x0100): logon name: not set
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 7, <NULL>) [Success (Authentication failure)]
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Sending result [7][LDAP]
(Mon Dec 5 12:39:48 2016) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Sent result [7][LDAP]
```
Does anyone know what the issue is?