Hello –

Thank-you for your e-mail. I corrected the syntax in the file, and I have 
confirmed the permissions are correct:

-rw-------. 1 root root 266 Jun 23 08:45 sssd.conf

Unfortunately, the error condition and messages listed in my initial e-mail are 
still present.



From: l...@avc.su [mailto:l...@avc.su]
Sent: Thursday, June 23, 2016 8:34 AM
To: CentOS mailing list; Kaplan, Andrew H.
Subject: Re: [CentOS] sssd.conf file missing

Hello Andrew.

The sssd.conf should be owned by root:root, mode 0600.
Also please note this line in your config:


[<domain>.org]
enumate = true
it's enumerate, not enumate.



23.06.2016, 15:24, "Kaplan, Andrew H." 
<ahkap...@partners.org<mailto:ahkap...@partners.org>>:

Hello --

We are running CentOS 7.2 on a virtual machine, and we are trying to set up 
LDAP authentication. The ldap packages that are currently installed on the 
system are the following:

python-sss 1.13.0-40.el7_2.4
python-sssdconfig 1.13.0-40.el7_2.4
sssd 1.13.0-40.el7_2.4
sssd-ad 1.13.0-40.el7_2.4
sssd-client 1.13.0-40.el7_2.4
sssd-common 1.13.0-40.el7_2.4
sssd-common-pac 1.13.0-40.el7_2.4
sssd-dbus 1.13.0-40.el7_2.4
sssd-ipa 1.13.0-40.el7_2.4
sssd-krb5 1.13.0-40.el7_2.4
sssd-krb5-common 1.13.0-40.el7_2.4
sssd-ldap 1.13.0-40.el7_2.4
sssd-libwbclient 1.13.0-40.el7_2.4
sssd-libwbclient-devel 1.13.0-40.el7_2.4
sssd-proxy 1.13.0-40.el7_2.4
sssd-tools 1.13.0-40.el7_2.4

I ran the following commands to set up LDAP/AD authentication:

# ln -s /bin/bash /bin/PHSshell
# ln -s /home /PHShome
# authconfig --enablesssdauth --enablemkhomedir --enablesssd -update
# chkconfig sssd on
# service sssd restart

Initially, I ran into problems because I had not created an sssd.conf file. 
Eventually I did create one, and its contents are the following:

[<domain>.org]
enumate = true
cache_credentials = TRUE

id_provider = ldap
auth_provider = ldap
chpass_provider = ldap

ldap_uri = ldap://ldap.<domain>.org
ldap_search_base = dc=<domain>,dc=org
tls_reqcert = demand
ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt

If there are any additions or corrections that I need to make, please let me 
know.

I reran the service sssd restart command, and the error message that I am 
seeing via journalctl -xe is the following:

Unit sssd.service has begun starting up.
Jun 22 16:05:34 roadtest2.partners.org sssd[6384]: SSSD couldn't load the 
configuration database [5]: Input/output error.
Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service: control 
process exited, code=exited status=4
Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Failed to start System 
Security Services Daemon.
-- Subject: Unit sssd.service has failed
-- Defined-By: systemd
-- Support: 
http://lists.freedesktop.org/mailman.../systemd-devel<http://lists.freedesktop.org/mailman/listinfo/systemd-devel>
--
-- Unit sssd.service has failed.
--
-- The result is failed.
Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Unit sssd.service entered 
failed state.
Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service failed.
Jun 22 16:05:34 roadtest2.partners.org polkitd[787]: Unregistered 
Authentication Agent for unix-process:6369:52587318 (system bus name :1.2287,
object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale 
en_US.UTF-8) (disconnected from bus)

Any ideas?


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.
_______________________________________________
CentOS mailing list
CentOS@centos.org<mailto:CentOS@centos.org>
https://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Reply via email to