Hey,
I want to set up the following scenario.
- the nss will be used from the local source (/etc/passwd, /etc/group)
- the pam authentication will come from ldap that will exist on a Windows AD server
The OS is CentOS 7.2.
The actual test setup gives me some errors that I did not understand.
------------ sssd.conf ----------------
[sssd]
config_file_version = 2
services = pam, nss
domains = testad

[nss]

[pam]

[domain/testad]
id_provider = proxy
proxy_lib_name = files
auth_provider = ldap
ldap_schema = AD
ldap_default_bind_dn = cn=administrator,cn=users,dc=example,dc=com
ldap_default_authtok=XXXXXXXXXXXX
ldap_uri = ldaps://192.168.122.222:3269/
ldap_search_base = dc=example,dc=com
ldap_tls_reqcert = allow
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
-------- sssd_testad.log -----------------------------
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [set_server_common_status] (0x0100): Marking server '192.168.122.222' as 'working'
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [fo_set_port_status] (0x0400): Marking port 3269 of duplicate server '192.168.122.222' as 'working'
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [dc=example,dc=com]
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=testnutzer1)(objectclass=user))][dc=example,dc=com].
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [sdap_get_generic_op_finished] (0x0400): Search result: Operations error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [sdap_get_generic_op_finished] (0x0040): Unexpected result from ldap: Operations error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [5]: Eingabe-/Ausgabefehler
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [get_user_dn_done] (0x0040): Failed to retrieve users
(Mon Nov 7 16:29:45 2016) [sssd[be[testad]]] [be_pam_handler_callback] (0x0100): Backend returned: (3, 4, <NULL>) [Internal Error (Systemfehler)]
It would be great if somebody could say whether it is a structural problem or a misconfiguration.
Any helpful tip would be appreciated.
Best regards
Michael
m.wandel@t-online.de