Lukas,

Thank you for your quick response. 

>You can use authconfig to configure pam-stack and nsswitch on CentOS/Fedora
>
>This is part of my /etc/pam.d/password-auth
>----------------------------------------------------------------------
>auth        required      pam_env.so
>auth        sufficient    pam_unix.so try_first_pass nullok
>auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
>auth        sufficient    pam_sss.so use_first_pass
>auth        required      pam_deny.so

Won't this allow local accounts before network accounts? I only want to revert to local accounts if my ldap server is down.

>SSSD could not connect to the LDAP server.
>We will need whole log file sssd_default.log.

I am working on getting you that log file. I am running into some more issues, so I will get it to you as soon as I can.

Thanks again!

Kevin


On Tue, Mar 18, 2014 at 3:55 PM, Lukas Slebodnik <lslebodn@redhat.com> wrote:
On (18/03/14 15:35), kevin sullivan wrote:
>After trying for several days, I want to ask if this is even possible:
>
>I am running CentOS 6.4 and I have sssd-1.9.2-82 installed. I would like to
I would recommend updating to CentOS 6.5
(a lot of crashes and bugs were fixed in 6.5)

>log into my machine by querying an OpenLDAP server running elsewhere. The
>big difference that I have from the normal sssd setup, is I only want to
>use the local Unix accounts (/etc/passwd and /etc/shadow) if my LDAP server
>is offline.
>
>So how do I do this? Should I be able to do all of this through pam? Either
>way, the issue I am seeing with sssd is the return value of pam when sssd
>can't connect to my ldap server. It always returns 'user_unknown' instead
>of 'authinfo_unavail' as I would expect. Am I configuring something
>incorrectly?
>
>/etc/pam.d/password-auth:
>
>#%PAM-1.0
># This file is auto-generated.
># User changes will be destroyed the next time authconfig is run.
>auth        required      pam_env.so
>auth        [success=done new_authtok_reqd=done authinfo_unavail=ignore default=die] pam_sss.so forward_pass
>auth        sufficient    pam_unix.so nullok try_first_pass
>auth        requisite     pam_succeed_if.so uid >= 500 quiet
>auth        required      pam_deny.so
>
You can use authconfig to configure pam-stack and nsswitch on CentOS/Fedora

This is part of my /etc/pam.d/password-auth
----------------------------------------------------------------------
auth        required      pam_env.so
auth        sufficient    pam_unix.so try_first_pass nullok
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient    pam_sss.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required      pam_permit.so
----------------------------------------------------------------------
>/etc/sssd/sssd.conf:
>
>[domain/default]
>debug_level = 9
>
>ldap_search_base = dc=example,dc=com
>id_provider = ldap
>auth_provider = ldap
>access_provider = ldap
>ldap_access_filter = memberOf=cn=group,ou=Roles,dc=example,dc=com
>ldap_group_member = memberUid
>ldap_group_search_base = ou=Roles,dc=example,dc=com
>chpass_provider = ldap
>ldap_uri = ldap://test-server/
>
>[sssd]
>debug_level = 9
>services = pam
>config_file_version = 2
>
>domains = default
>
>[nss]
>debug_level = 9
>
>[pam]
>debug_level = 9
>
>[sudo]
>debug_level = 9
>
>[autofs]
>debug_level = 9
>
>[ssh]
>debug_level = 9
>
>[pac]
>debug_level = 9
>
>/var/log/sssd/sssd_default.log:
>
>(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo]
>(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [be_get_account_info] (0x0100): Got request for [3][1][name=user]
>(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x196b8f0
>(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x196c2b0
>(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [ldb] (0x4000): Destroying timer event 0x196c2b0 "ltdb_timeout"
>(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [ldb] (0x4000): Ending timer event 0x196b8f0 "ltdb_callback"
>(Tue Mar 18 19:09:52 2014) [sssd[be[default]]] [acctinfo_callback] (0x0100): Request processed. Returned 1,11,Offline
SSSD could not connect to the LDAP server.
We will need the whole log file sssd_default.log.

LS
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
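The disagreement in the thread comes down to how libpam evaluates the control field of each line: Lukas's stack lists pam_unix before pam_sss, while Kevin's stack puts pam_sss first and relies on pam_sss returning authinfo_unavail (not user_unknown) so that the stack falls through to pam_unix only when the LDAP server is down. The following simulator is an added example, not code from the thread or from the SSSD project. It implements the dispatch rules of pam.conf(5) (required, requisite, sufficient and the explicit [value=action ...] form) and replays both quoted auth stacks against simulated modules. The accounts (root, alice, bob), their passwords, and the offline_code parameter standing in for whatever pam_sss returns while the server is unreachable are constructed assumptions; pam_env is modelled as returning PAM_IGNORE from its auth hook and pam_deny as returning PAM_AUTH_ERR.

```python
"""Linux-PAM auth-stack dispatch simulator (added illustration, not SSSD or
mailing-list code). It applies the control-flag rules of pam.conf(5) to the
two password-auth stacks quoted in the thread, with module behaviour
simulated, so the effect of module order and of pam_sss's return value while
the LDAP server is down can be inspected offline."""

# Subset of PAM return codes (numeric values as in <security/_pam_types.h>).
PAM_SUCCESS, PAM_PERM_DENIED, PAM_AUTH_ERR = 0, 6, 7
PAM_AUTHINFO_UNAVAIL, PAM_USER_UNKNOWN, PAM_NEW_AUTHTOK_REQD, PAM_IGNORE = 9, 10, 12, 25
CODE_NAMES = {0: "success", 6: "perm_denied", 7: "auth_err", 9: "authinfo_unavail",
              10: "user_unknown", 12: "new_authtok_reqd", 25: "ignore"}
KEYWORDS = {name: code for code, name in CODE_NAMES.items()}

# Shorthand controls, expanded exactly as pam.conf(5) defines them.
SHORTHAND = {
    "required":   "[success=ok new_authtok_reqd=ok ignore=ignore default=bad]",
    "requisite":  "[success=ok new_authtok_reqd=ok ignore=ignore default=die]",
    "sufficient": "[success=done new_authtok_reqd=done default=ignore]",
}

def parse_control(control):
    """Map a control field to {return_code_or_'default': action}."""
    table = {}
    for item in SHORTHAND.get(control, control).strip("[]").split():
        key, action = item.split("=")
        table["default" if key == "default" else KEYWORDS[key]] = action
    return table

def run_stack(stack, ctx):
    """Dispatch like libpam. Returns (final_code, [(module, code_name), ...])."""
    impression, status, trace = None, PAM_PERM_DENIED, []   # undecided stack -> PERM_DENIED
    for control, module, args in stack:
        retval = MODULES[module](ctx, args)
        trace.append((module, CODE_NAMES[retval]))
        table = parse_control(control)
        action = table.get(retval, table["default"])
        if action in ("ok", "done"):
            # A positive result only counts while no failure has been recorded.
            if (impression is None or (impression and status == PAM_SUCCESS)) and retval != PAM_IGNORE:
                impression, status = True, retval
            if impression and action == "done":
                break                        # sufficient/done: stop on a positive stack
        elif action in ("bad", "die"):
            if impression is not False:      # the first failure fixes the return code
                impression, status = False, retval
            if action == "die":
                break                        # requisite/die: stop immediately
        # "ignore": this module's result does not contribute to the outcome
    return status, trace

# Constructed account data standing in for /etc/passwd+/etc/shadow and the directory.
LOCAL = {"root": (0, "rootpw"), "alice": (1001, "alicepw")}
LDAP = {"bob": (2001, "bobpw")}

def resolve_uid(ctx):
    """Simulated NSS 'files sss' lookup; sss only answers while LDAP is reachable."""
    if ctx["user"] in LOCAL:
        return LOCAL[ctx["user"]][0]
    if ctx["ldap_up"] and ctx["user"] in LDAP:
        return LDAP[ctx["user"]][0]
    return None

def pam_env(ctx, args):
    return PAM_IGNORE                        # pam_env's auth hook contributes nothing

def pam_unix(ctx, args):
    entry = LOCAL.get(ctx["user"])
    if entry is None:
        return PAM_USER_UNKNOWN
    return PAM_SUCCESS if entry[1] == ctx["password"] else PAM_AUTH_ERR

def pam_sss(ctx, args):
    if not ctx["ldap_up"]:
        return ctx["offline_code"]           # the code under dispute in the thread (assumed)
    entry = LDAP.get(ctx["user"])
    if entry is None:
        return PAM_USER_UNKNOWN
    return PAM_SUCCESS if entry[1] == ctx["password"] else PAM_AUTH_ERR

def pam_succeed_if(ctx, args):
    field, op, bound = args.split()          # only "uid >= N" and "uid < N" are modelled
    uid = resolve_uid(ctx)
    if uid is None:
        return PAM_USER_UNKNOWN
    return PAM_SUCCESS if (uid >= int(bound) if op == ">=" else uid < int(bound)) else PAM_AUTH_ERR

def pam_deny(ctx, args):
    return PAM_AUTH_ERR

MODULES = {"pam_env": pam_env, "pam_unix": pam_unix, "pam_sss": pam_sss,
           "pam_succeed_if": pam_succeed_if, "pam_deny": pam_deny}

# The two auth stacks as quoted in the thread (control, module, arguments).
LUKAS_STACK = [("required", "pam_env", ""), ("sufficient", "pam_unix", ""),
               ("requisite", "pam_succeed_if", "uid >= 1000"), ("sufficient", "pam_sss", ""),
               ("required", "pam_deny", "")]
KEVIN_STACK = [("required", "pam_env", ""),
               ("[success=done new_authtok_reqd=done authinfo_unavail=ignore default=die]", "pam_sss", ""),
               ("sufficient", "pam_unix", ""), ("requisite", "pam_succeed_if", "uid >= 500"),
               ("required", "pam_deny", "")]

def login(stack, user, password, ldap_up=True, offline_code=PAM_AUTHINFO_UNAVAIL):
    """Run one authentication attempt through a stack; offline_code is what pam_sss returns when LDAP is down."""
    return run_stack(stack, {"user": user, "password": password,
                             "ldap_up": ldap_up, "offline_code": offline_code})

if __name__ == "__main__":
    for label, stack in (("local-first", LUKAS_STACK), ("ldap-first", KEVIN_STACK)):
        for user, pw, up, off in (("alice", "alicepw", True, PAM_AUTHINFO_UNAVAIL),
                                  ("bob", "bobpw", True, PAM_AUTHINFO_UNAVAIL),
                                  ("alice", "alicepw", False, PAM_USER_UNKNOWN),
                                  ("alice", "alicepw", False, PAM_AUTHINFO_UNAVAIL)):
            code, trace = login(stack, user, pw, up, off)
            print(label, user, "ldap_up" if up else "ldap_down", "->", CODE_NAMES[code], trace)
```

Running it shows the two points argued in the thread. With the local-first stack a local account is accepted by pam_unix and pam_sss is never consulted, which is exactly the ordering Kevin objects to. With the ldap-first stack the outcome while LDAP is down depends entirely on pam_sss's return code: authinfo_unavail is mapped to ignore and pam_unix gets its turn, whereas user_unknown hits default=die and the stack ends before pam_unix runs, reproducing the symptom Kevin reports. The same trace also shows that, under these simulated results, the ldap-first stack refuses a purely local account while LDAP is up, because pam_sss answers user_unknown for it.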