On 04/04/2013 08:03 AM, Sutton, Harry (GSSE) wrote:
Okay, so I have sssd-ad pretty much working on a Fedora 18 laptop, but
I'm not having much luck getting it going on RHEL 6.4, at least not
for GDM logins.
If I have the sssd daemon running, I get an authentication failure
using my domain username / password, and my local account login takes
orders of magnitude longer to complete than if sssd is shut off. This
is after I've manually (and successfully) completed 'kinit
<domain-username>' and 'net ads join -k', so I have a TGT and two
application principals (cifs and ldap) attached to my domain user
principal. There is also a valid krb5.keytab file in /etc/.
Now from my Fedora laptop, where I'm logged in with my domain
credentials (the same ones, obviously, as I'm trying to use from my
RHEL 6.4 workstation): if the sssd daemon is not running on the RHEL
6.4 workstation, an attempt to ssh from the laptop fails with an
authentication error. Once I start sssd on the workstation, my ssh
connection from the laptop succeeds without any password or passphrase
challenges - presumably because the kerberos credentials are in force.

How is SSH configured on the RHEL box?
Does it use GSSAPI Authentication?
The version in F18 should be very close to the version in RHEL 6.4.
Are your sssd.conf files in any way different?
It seems that your RHEL box is misconfigured in some way.
Things to look at are your pam.conf for the desktop login, nsswitch.conf,
sssd.conf and ssh configuration files.
Looking at those would most likely provide the answers.

The files /etc/krb5.conf, /etc/samba/smb.conf, and /etc/sssd/sssd.conf
are identical on both systems, but obviously the applications and
libraries are different versions between Fedora 18 and RHEL 6.4. Has
anyone here gotten everything working (with Microsoft Active
Directory) using sssd on RHEL 6.4?
Global Solutions Support Engineering (GSSE)
GSD Customer Solution Center
Technology Services, Enterprise Group
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
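
The files the reply says to look at (PAM, nsswitch.conf, sssd.conf, ssh configuration) can be checked with a short script. This is an added example, not part of the original thread; the file locations, the PAM stack names system-auth and password-auth, and the function names are assumptions based on the usual RHEL layout.

```shell
#!/bin/sh
# Added example. File locations assume the usual RHEL layout; they are not from the thread.

# has_line FILE REGEX: true if an uncommented line in FILE starts with REGEX
has_line() {
    [ -r "$1" ] && grep -Eiq "^[[:space:]]*$2" "$1"
}

# check_sssd_wiring ROOT: print findings, return the number of problems.
# ROOT is a prefix ("" for the live system, or a directory holding copies).
check_sssd_wiring() {
    root=${1:-}
    problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # nsswitch.conf: user and group lookups must consult sss
    for db in passwd group; do
        has_line "$root/etc/nsswitch.conf" "${db}:.*[[:space:]]sss([[:space:]]|\$)" ||
            fail "nsswitch.conf: '${db}' does not list sss"
    done

    # PAM: shared stacks that service files such as gdm and sshd normally include
    # (assumed names); both the auth and account phases must call pam_sss.so
    for stack in system-auth password-auth; do
        for type in auth account; do
            has_line "$root/etc/pam.d/$stack" "${type}[[:space:]].*pam_sss\.so" ||
                fail "pam.d/$stack: no '${type}' line calls pam_sss.so"
        done
    done

    # sssd.conf: the nss and pam responders must both be enabled
    for svc in nss pam; do
        has_line "$root/etc/sssd/sssd.conf" "services[[:space:]]*=.*${svc}" ||
            fail "sssd.conf: services does not include ${svc}"
    done

    # sshd_config: ticket-based (passwordless) logins need GSSAPI enabled
    has_line "$root/etc/ssh/sshd_config" "GSSAPIAuthentication[[:space:]]+yes" ||
        fail "sshd_config: GSSAPIAuthentication is not 'yes'"

    echo "$problems problem(s) found"
    return "$problems"
}
```

Call `check_sssd_wiring ""` on the host itself, or pass a directory holding copies of the files, for example to compare the Fedora 18 and RHEL 6.4 machines side by side.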