On Tue, 2011-06-21 at 11:06 -0400, Dan Scott wrote:
> Hi,
> I'm still running a FreeIPA 1.2 server but have started installing
> Fedora 15 clients and am trying to figure out how to manually set up
> the Krb/LDAP configuration.
> I've run the 'authconfig-tui' command and manually set up Krb
> authentication and LDAP authorisation, using DNS discovery for the
> servers. The authentication is working correctly, but when I run 'id
> $USERNAME' I don't receive the correct groups, so I believe that
> Kerberos is working, but the LDAP configuration is wrong. I've turned
> the sssd loglevel up to 100, but I can't figure out why I'm not
> getting the correct groups.
> My system has a variety of files and I'm not sure which are still in use:
> /etc/krb5.conf
> /etc/pam_ldap.conf
> /etc/sssd/sssd.conf
> On Fedora 14 and earlier, there used to be an '/etc/nss_ldap.conf' -
> this is not present on F15.
> Can anyone help me figure out how to get the group lookups working?

Probably you need to add ldap_schema=rfc2307bis into the
[domain/default] section of /etc/sssd/sssd.conf.

If you just set authconfig up as an LDAP server, it defaults to
ldap_schema = rfc2307, which uses a different attribute on the server to
contain group memberships.

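The schema mismatch the reply describes, as an added example that is not part of the original thread: it reads `ldap_schema` from a constructed `sssd.conf` and resolves groups against constructed directory entries that store members as DNs in `member`. The attribute names (`memberUid` for rfc2307, `member` for rfc2307bis) come from sssd-ldap(5); the helper names, DNs and group names are assumptions made for illustration.

```python
import configparser

# Constructed sample: an sssd.conf with no ldap_schema line in the domain section.
SAMPLE_SSSD_CONF = """
[sssd]
domains = default

[domain/default]
id_provider = ldap
auth_provider = krb5
"""

# Constructed directory entries in the rfc2307bis layout: members are DNs in 'member'.
SAMPLE_GROUPS = [
    {"cn": "admins", "member": ["uid=alice,cn=users,dc=example,dc=com"]},
    {"cn": "staff", "member": ["uid=alice,cn=users,dc=example,dc=com",
                               "uid=bob,cn=users,dc=example,dc=com"]},
]

# Membership attribute each schema reads, per sssd-ldap(5).
MEMBER_ATTR = {"rfc2307": "memberUid", "rfc2307bis": "member"}

def effective_schema(conf_text, domain="default"):
    """Return ldap_schema for the domain; SSSD falls back to rfc2307 when unset."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    return cp.get(f"domain/{domain}", "ldap_schema", fallback="rfc2307").strip().lower()

def groups_for(user, user_dn, groups, schema):
    """Match by user name (rfc2307) or by DN, case-insensitively (rfc2307bis)."""
    if schema not in MEMBER_ATTR:
        raise ValueError(f"schema not covered by this example: {schema}")
    attr = MEMBER_ATTR[schema]
    by_name = schema == "rfc2307"
    wanted = user if by_name else user_dn.lower()
    found = []
    for group in groups:
        values = [v if by_name else v.lower() for v in group.get(attr, [])]
        if wanted in values:
            found.append(group["cn"])
    return found

if __name__ == "__main__":
    dn = "uid=alice,cn=users,dc=example,dc=com"
    fixed = SAMPLE_SSSD_CONF + "ldap_schema = rfc2307bis\n"  # lands in [domain/default]
    for conf in (SAMPLE_SSSD_CONF, fixed):
        schema = effective_schema(conf)
        print(schema, groups_for("alice", dn, SAMPLE_GROUPS, schema))
```

With the schema unset the lookup reads `memberUid`, finds nothing and returns no groups even though authentication succeeds, which matters wherever access rules are keyed on group membership.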

Freeipa-users mailing list
