strange behaviour of sssd

Rick Stevens ricks at nerd.com
Wed Jun 23 16:05:34 UTC 2010


On 06/23/2010 06:45 AM, Eric Doutreleau wrote:
> I'm trying to set up sssd 1.2 on our network and I have strange behaviour
> with it.
>
> Here is my config:
>
> [sssd]
> config_file_version = 2
>
> reconnection_retries = 3
>
> sbus_timeout = 30
> services = nss, pam
>
> domains = default
> [nss]
> filter_groups = root
> filter_users = root
> reconnection_retries = 3
>
> [pam]
> reconnection_retries = 3
>
> [domain/default]
>
> ldap_id_use_start_tls = False
> ldap_tls_reqcert = never
> cache_credentials = True
> ldap_search_base = dc=int-evry,dc=fr
> ldap_user_search_base = ou=People,dc=int-evry,dc=fr
> ldap_group_search_base = ou=Group,ou=System,dc=int-evry,dc=fr
> chpass_provider = none
> id_provider = ldap
> auth_provider = ldap
> debug_level = 9
> min_id = 1
> ldap_uri = ldap://ldapdev.int-evry.fr/
> ldap_schema = rfc2307
> access_provider = ldap
> ldap_access_filter = IntEPersInetServ=*unix-int*
> ldap_default_bind_dn = cn=mcibind,ou=System,dc=int-evry,dc=fr
> ldap_default_authtok_type = password
> ldap_default_authtok = xxxxxx
> enumerate = True
> create_homedir = False
>
> But when I connect to the machine I get the following message:
> ssh doutrele at b008-07
> Last login: Wed Jun 23 15:21:10 2010 from 157.159.21.133
> id: cannot find name for user ID 14517
> id: cannot find name for group ID 145
> id: cannot find name for user ID 14517
> $ id
> uid=14517 gid=145 groupes=145,146,160,401,1000000,1000008
> $ id doutrele
> id: doutrele : No such user
> If I run ldapsearch I can access the value:
>
> ldapsearch -x uidNumber=14517 -b dc=int-evry,dc=fr -h
> ldapdev.int-evry.fr -D cn=mcibind,ou=system,dc=int-evry,dc=fr -W uid cn
> gidNumber uidNumber Gecos
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base<dc=int-evry,dc=fr>  with scope subtree
> # filter: uidNumber=14517
> # requesting: uid cn gidNumber uidNumber Gecos
> #
>
> # doutrele, People, int-evry.fr
> dn: uid=doutrele,ou=People,dc=int-evry,dc=fr
> uidNumber: 14517
> gidNumber: 145
> uid: doutrele
> gecos: Eric DOUTRELEAU
> cn: Eric DOUTRELEAU
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> It looks like a problem with access to the data but I can't see where the
> problem is.
> Is there a way to see what is in the local cache?

Have you configured /etc/nsswitch.conf?  You need something like:

	passwd:     files ldap
	shadow:     files ldap
	group:      files ldap

or the system won't know to look at LDAP (or the nscd cache if you have
it running) to supplement the /etc/passwd, /etc/shadow or /etc/group
files.

Try "getent passwd".  You should see the data from your /etc/passwd
file AND your LDAP data.  If you don't see the LDAP data, then the odds
are your nsswitch.conf isn't set up.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, C2 Hosting          ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-         "If you can't fix it...duct tape it!"  -- Tim Allen        -
----------------------------------------------------------------------
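
A configuration check for the setup discussed in this thread, as an added example that is not part of the original messages: it reads an sssd.conf and an nsswitch.conf and reports name-service and transport-security findings. SSSD's NSS responder is reached through the `sss` nsswitch source, so the check looks for that source; the sample inputs are constructed from the configuration quoted above, and the helper names are hypothetical.

```python
import configparser

# Constructed sample input, modelled on the configuration quoted in the thread.
SSSD_CONF = """[sssd]
services = nss, pam
domains = default
[domain/default]
ldap_uri = ldap://ldapdev.int-evry.fr/
ldap_id_use_start_tls = False
ldap_tls_reqcert = never
"""
NSSWITCH_CONF = """passwd: files ldap
group:  files ldap
"""

def nss_sources(text):
    """Map each nsswitch database to its ordered list of sources."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            db, rest = line.split(":", 1)
            # Skip action items such as [NOTFOUND=return].
            out[db.strip()] = [s for s in rest.split() if not s.startswith("[")]
    return out

def csv(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def audit(sssd_text, nsswitch_text):
    """Return a list of findings for an sssd.conf / nsswitch.conf pair."""
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.read_string(sssd_text)
    findings, src = [], nss_sources(nsswitch_text)
    if "nss" in csv(cfg.get("sssd", "services", fallback="")):
        for db in ("passwd", "group"):
            if "sss" not in src.get(db, []):
                findings.append(f"nsswitch {db}: sss source missing, SSSD is never asked")
    for name in csv(cfg.get("sssd", "domains", fallback="")):
        dom = cfg[f"domain/{name}"]
        plain = any(u.startswith("ldap://") for u in csv(dom.get("ldap_uri", "")))
        # Assumption: fallbacks mirror the documented defaults (false / hard).
        if plain and not dom.getboolean("ldap_id_use_start_tls", fallback=False):
            findings.append(f"{name}: ldap:// without StartTLS, lookups are unencrypted")
        if dom.get("ldap_tls_reqcert", "hard").lower() in ("never", "allow"):
            findings.append(f"{name}: ldap_tls_reqcert does not verify the server certificate")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SSSD_CONF, NSSWITCH_CONF)))
```
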

