-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/21/2013 12:24 PM, John Uhlig wrote:
I have been trying to resolve this problem for a couple weeks and tried hundreds of iterations without success. I will try to be brief and concise.
(1) I have a centos 6.4 openldap-2.4.35 server configured for ssh authentication with a test account "localjoe".
dn: uid=localjoe,ou=internal,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: CN=localjoe,ou=internal,dc=example,dc=com
sn: localjoe
userPassword: {MD5}KRVE5i0tSdtSdBLzZ6h3VnR4dk4
description: posix acct
ou: internal
uid: localjoe
uidNumber: 103418
gidNumber: 100
loginShell: /bin/bash
homeDirectory: /tmp
(2) I have an ubuntu ldap client system (zander) and can ssh localjoe@zander successfully.
(3) I have a centos 6.4 sssd ldap client system (argot) and cannot ssh localjoe@argot.
(4) The client (argot) /var/log/secure reports:
------------------------------------------------------------
Aug 21 07:56:39 argot sshd[9640]: pam_succeed_if(sshd:auth): error retrieving information about user localjoe
Aug 21 07:56:41 argot sshd[9640]: Failed password for invalid user localjoe from XX.XX.XX.XX port 50380 ssh2
Aug 21 07:56:44 argot sshd[9641]: Connection closed by XX.XX.XX.XX
Aug 21 07:59:47 argot sshd[9688]: Invalid user localjoe from XX.XX.XX.XX
Aug 21 07:59:47 argot sshd[9689]: input_userauth_request: invalid user localjoe
Aug 21 07:59:51 argot sshd[9688]: pam_unix(sshd:auth): check pass; user unknown
Aug 21 07:59:51 argot sshd[9688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=argot
(5) The client (argot) sssd log file reports:
-------------------------------------------------------
(Wed Aug 21 08:27:45 2013) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
(6) "getent passwd" works with the nslcd daemon running, but "getent -s sss passwd" does not work.
(7) ldapsearch (as per the example from this mailing list) works ok:
[root@argot security]# ldapsearch -x -LLL '(&(uid=localjoe)(objectClass=posixAccount))' uidnumber homedirectory gidnumber loginshell
dn: uid=localjoe,ou=internal,dc=example,dc=com
uidNumber: 103418
gidNumber: 100
loginShell: /bin/bash
homeDirectory: /tmp
I wonder if anyone has heard of similar problems with centos 6.4 sssd ldap client and might have a suggestion.
It would be very helpful if you could include your sssd.conf. I strongly suspect that you have a typo in your configuration somewhere.
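As an added illustration of the kind of sssd.conf check the reply above is asking for (example code written for this page, not from the thread, the original poster, or the sssd project): a small Python script that parses an sssd.conf and flags the inconsistencies that most often make `getent -s sss passwd` return nothing while a plain `ldapsearch` still succeeds. The sample configuration is constructed; it borrows only the domain name `default` that appears in the `sssd[be[default]]` log line above, and its misspelled `domains` value is deliberate so the check is seen firing. The required-key list is an assumption for a plain LDAP identity provider; the script does not contact any server.

```python
"""Sanity-check an sssd.conf for the typos that silently break NSS lookups.

Added example, not code from the thread or the sssd project. It parses the
INI-style file that sssd reads, and reports:
  * domains named in [sssd] with no matching [domain/NAME] section (and the reverse)
  * the 'nss' service missing from [sssd] services
  * an LDAP domain without the keys sssd needs to find anything (assumed list)
"""
import configparser

# Constructed sample, modelled on the thread: domain "default", base dc=example,dc=com.
# The value of 'domains' is intentionally misspelled to demonstrate the check.
SAMPLE_CONF = """\
[sssd]
config_file_version = 2
services = nss, pam
domains = defualt

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_search_base = dc=example,dc=com
"""

# Assumption: keys a plain LDAP id_provider needs before any user can resolve.
REQUIRED_LDAP_KEYS = ("ldap_uri",)
# ldap_search_base can be left out (sssd then asks the server's rootDSE), so it is
# reported as a note rather than an error.
RECOMMENDED_LDAP_KEYS = ("ldap_search_base",)


def _csv(value):
    """Split a comma-separated sssd value into a list of non-empty tokens."""
    return [tok.strip() for tok in value.split(",") if tok.strip()]


def load_conf(text):
    """Parse sssd.conf text; interpolation is off because values contain '%' and '$'."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def check_sssd_conf(text):
    """Return a list of human-readable problems; an empty list means nothing obvious."""
    cp = load_conf(text)
    problems = []
    if not cp.has_section("sssd"):
        return ["missing [sssd] section"]

    services = _csv(cp["sssd"].get("services", ""))
    if "nss" not in services:
        problems.append("'nss' is not in [sssd] services, so getent -s sss cannot work")

    listed = _csv(cp["sssd"].get("domains", ""))
    if not listed:
        problems.append("[sssd] domains is empty")

    defined = {s[len("domain/"):] for s in cp.sections() if s.startswith("domain/")}

    # A name mismatch here leaves sssd with no backend to query: the classic typo.
    for name in listed:
        if name not in defined:
            problems.append(f"domain '{name}' listed in [sssd] but no [domain/{name}] section")
    for name in sorted(defined):
        if name not in listed:
            problems.append(f"[domain/{name}] defined but not listed in [sssd] domains")
        section = cp[f"domain/{name}"]
        if section.get("id_provider") == "ldap":
            for key in REQUIRED_LDAP_KEYS:
                if key not in section:
                    problems.append(f"[domain/{name}] has id_provider = ldap but no {key}")
            for key in RECOMMENDED_LDAP_KEYS:
                if key not in section:
                    problems.append(f"[domain/{name}] note: {key} unset, relying on rootDSE discovery")
    return problems


if __name__ == "__main__":
    import sys
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for line in check_sssd_conf(source) or ["no obvious problems found"]:
        print(line)
```

Run it with the path to a real `/etc/sssd/sssd.conf` as the first argument (as root, since sssd requires that file to be readable only by root), or with no argument to see the constructed sample flagged. The script is a linter for the shape of the file only; once it reports nothing, the remaining candidates are the values themselves, which is why the reply asks to see the actual file.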