[389-users] User unable to login with ldap_access_filter on
Fosiul Alam
fosiul at gmail.com
Tue May 28 21:45:08 UTC 2013
Hi Bellow is my sssd.conf
with bellow setting, user cant login.
but if i remove ldap_access_filter , then all user can access
What i am doing wrong...
i just want user from "techops" group to access this server..
any help will be really grateful .
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
[pam]
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldap://auth2.xxxxxx.lan/,ldap://auth1.xxxxxxxlan/
ldap_search_base = l=uk,dc=xxxx,dc=lan
ldap_tls_reqcert = demand
cache_credentials = true
enumerate = true
debug_level = 10
ldap_tls_cacertdir = /etc/openldap/xxx/
ldap_tls_cert = /etc/openldap/cacerts/CA-xxx.crt
access_provider = ldap
ldap_access_filter = memberUid=cn=techops,ou=groups,l=uk,dc=xxxx,dc=lan
#entry_cache_timeout = 600
#ldap_network_timeout = 3
and the log i get from secure file
2013-05-28T22:13:02.782543+01:00 uk-xxxxx-1 sshd[4172]: pam_sss(sshd:auth):
received for user mtest: 9 (Authentication service cannot retrieve
authentication info)
2013-05-28T22:13:04.597478+01:00 uk-xxxx-1 sshd[4172]: Failed password for
mtest from xxx.xx.xx.xx port 52664 ssh2
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20130528/6bfd8c50/attachment.html>
More information about the 389-users
mailing list