ldap authentication problems

David L idht4n at gmail.com
Mon May 10 19:27:23 UTC 2010

On Mon, May 10, 2010 at 12:05 PM, Nalin Dahyabhai wrote:
> On Thu, May 06, 2010 at 02:59:59PM -0700, David L wrote:
>> I'm trying to authenticate with ldap on f13 using the same ldap.conf I'm using
>> successfully on f12.  But it doesn't like my password and I see a message like
>> this in /var/log/secure:
>> May  6 14:37:22 empire su: pam_sss(su:auth): received for user foo: 10
>> (User not known to the underlying authentication module)
> The pam_sss module is part of SSSD, which doesn't use /etc/ldap.conf.
> The SSSD service is configured in /etc/sssd/sssd.conf, and I think in
> F13, it's used when you configure the system to use LDAP.
> Other than dropping ldap.conf in place, how did you configure the
> system?  Did you choose LDAP during installation, run
> system-config-authentication afterward, or something else?

When I upgrade between Fedora releases, I usually
install with only local users, then run system-config-authentication
and select "Enable LDAP support" on the "User Information" tab
and on the "Authentication" tab and then click "OK".  Then I just
copy the old /etc/ldap.conf from the previous release over the
one in /etc on the new release.  I do this because the "Configure
LDAP" GUI doesn't have enough functionality to create the ldap.conf
that my sys admin set up for an old version of Fedora (like fc6).  This
procedure has worked fine until recent releases.  f13 seems to
have changed more with respect to authentication than other releases
though... for example, the system-config-authentication GUI no longer
has the same tabs and it gives error messages under certain conditions
if TLS is not used to encrypt connections.  On f12, I have the "Use TLS
to encrypt connections" unchecked and the "LDAP Server" starts with
"ldap://", not "ldaps://", but IIRC, f13 gives an error message given
the same configuration in the GUI.  What do I need to do to migrate
the ldap.conf settings that I posted in the first messages of this
thread to get LDAP authentication working in f13?
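
Added example, not part of the original message or of SSSD: a small Python converter showing how common nss_ldap/pam_ldap `ldap.conf` directives correspond to an `/etc/sssd/sssd.conf` LDAP domain, and why a plain `ldap://` setup without TLS stops authenticating under SSSD. The directive-to-option mapping is a partial one assumed here, the domain name `default` and the sample input are constructed, and unmapped directives are returned for manual review.

```python
# Added example (not from the thread): map common nss_ldap/pam_ldap ldap.conf
# directives to sssd-ldap options. The mapping is partial; review the output.
KEY_MAP = {
    "base": "ldap_search_base",
    "binddn": "ldap_default_bind_dn",
    "bindpw": "ldap_default_authtok",
    "tls_cacertfile": "ldap_tls_cacert",
    "tls_cacertdir": "ldap_tls_cacertdir",
}

def parse_ldap_conf(text):
    """Return {directive: value}, ignoring comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def to_sssd(conf, domain="default"):
    """Return (sssd.conf text, warnings, directives left for manual review)."""
    opts = {"id_provider": "ldap", "auth_provider": "ldap"}
    uris = conf.get("uri", "").split() or ["ldap://" + h for h in conf.get("host", "").split()]
    if uris:
        opts["ldap_uri"] = ",".join(uris)  # SSSD takes a comma-separated list
    for key, option in KEY_MAP.items():
        if key in conf:
            opts[option] = conf[key]
    start_tls = conf.get("ssl", "").lower() == "start_tls"
    if start_tls:
        opts["ldap_id_use_start_tls"] = "True"
    warnings = []
    if not start_tls and uris and not all(u.startswith("ldaps://") for u in uris):
        warnings.append("plain ldap:// without StartTLS: SSSD refuses to "
                        "authenticate over an unencrypted channel")
    if "tls_checkpeer" in conf:
        opts["ldap_tls_reqcert"] = "demand" if conf["tls_checkpeer"].lower() == "yes" else "never"
    handled = set(KEY_MAP) | {"uri", "host", "ssl", "tls_checkpeer"}
    unmapped = sorted(k for k in conf if k not in handled)
    lines = ["[sssd]", "config_file_version = 2", "services = nss, pam",
             "domains = " + domain, "", "[domain/%s]" % domain]
    lines += ["%s = %s" % kv for kv in opts.items()]
    return "\n".join(lines) + "\n", warnings, unmapped

# Constructed sample input; not the ldap.conf posted in this thread.
SAMPLE = "uri ldap://ldap.example.com/\nbase dc=example,dc=com\nssl no\npam_password md5\n"

if __name__ == "__main__":
    print(*to_sssd(parse_ldap_conf(SAMPLE)), sep="\n")
```

The generated file must be owned by root with mode 0600 before SSSD will load it, which also protects any bind password carried over in `ldap_default_authtok`.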


