[389-users] How to set up 389 client

Chandan Kumar chandank.kumar at gmail.com
Mon Jan 7 18:43:36 UTC 2013 

Sounds bit strange. what is out put of "id <ldap-user-name>". If sssd is
configured properly this command has to work. Moreover, while you execute
this command watch /var/log/secure.log for any error messages.

Also disable selinux/Firewall and test.

On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:

> I configured everything with SSSD as you suggested.  I'm able to do
> successful logins authenticating against the LDAP server, but when I check
> the Users and Groups list on the client machine, that newly created user
> isn't added.  Thoughts?
>
> Thanks.
>
> From: Chandan Kumar <chandank.kumar at gmail.com <javascript:_e({}, 'cvml',
> 'chandank.kumar at gmail.com');>>
> Reply-To: "General discussion list for the 389 Directory server project."
> <389-users at lists.fedoraproject.org <javascript:_e({}, 'cvml',
> '389-users at lists.fedoraproject.org');>>
> Date: Monday, January 7, 2013 1:36 PM
> To: "General discussion list for the 389 Directory server project." <
> 389-users at lists.fedoraproject.org <javascript:_e({}, 'cvml',
> '389-users at lists.fedoraproject.org');>>
> Subject: Re: [389-users] How to set up 389 client
>
> are you using SSSD on client side or PADL/NSS?
>
> On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
>
> I do specify the POSIX properties on the LDAP side.  But when I login with
> that created user on the client side and check the Users and Groups list on
> the client machine, it is not listed there.  I did avoid the warning
> message by adding the LDAP user to a group that already exists.  I want the
> user I create in LDAP to become listed in the Users and Groups list on the
> client (for ACL purposes, if you know anything regarding meeting DIACAP
> guidelines).  Did I miss something?
>
> Thanks
>
> From: Chandan Kumar <chandank.kumar at gmail.com>
> Reply-To: "General discussion list for the 389 Directory server project."
> <389-users at lists.fedoraproject.org>
> Date: Monday, January 7, 2013 11:39 AM
> To: "General discussion list for the 389 Directory server project." <
> 389-users at lists.fedoraproject.org>
> Subject: Re: [389-users] How to set up 389 client
>
> Hello Rohit,
>
> While creating users you also need to specify POSIX properties for the
> user.
>
> In admin console you need to fill out posix properties details while
> creating the user. Also make sure you create posix groups and associate
> these new users with the group ID otherwise while login time you may get
> some warning message like  "id: Group does not exist".
>
>
>
>
> --
> http://about.me/chandank
>
>
> On Mon, Jan 7, 2013 at 7:27 AM, Chaudhari, Rohit K. <
> Rohit.Chaudhari at jhuapl.edu> wrote:
>
> Hey Chandan,
>
> So I got the RHEL client working, but I have an outstanding issue.  When I
> look at the users/groups setting on the client machine, the newly created
> user that I made on the RHEL LDAP server does not show up on the list.  Is
> this how it is supposed to work?  If not, how do I get a LDAP user to
> become a part of the users and groups list on the RHEL client?
>
> Thanks,
>
> Rohit
>
> From: Chandan Kumar <chandank.kumar at gmail.com>
> Reply-To: "General discussion list for the 389 Directory server project."
> <389-users at lists.fedoraproject.org>
> Date: Thursday, December 20, 2012 6:21 PM
>
> To: "General discussion list for the 389 Directory server project." <
> 389-users at lists.fedoraproject.org>
> Subject: Re: [389-users] How to set up 389 client
>
> Yes do need to replace it with SSSD. If you are having a fresh Centos
> install, by default it is sssd only.
>
> Best way would be to use the authconfig tool as it changes all related
> files and you don't have to manually change all of them.  Moreover, you
> also need change the nss.conf file and make sure groups/users do have sssd
> instead of ldap.
>
> From RHEL 6.4 sssd will be fully supported and it gives better performance
> if you intend to integrate many applications with LDAP as it does not open
> multiple connections with the directory server.
>
> I will look that guide again and will try to improve it.
>
> On Thursday, December 20, 2012, Chaudhari, Rohit K. wrote:
>
> Okay I will try checking those parameters.  I am doing sssd, I used ldap
> pan before in CentOS 6 and that ha
>
>

-- 

--
http://about.me/chandank
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20130107/4b35b46c/attachment.html>

More information about the 389-users mailing list