On Tue, 2011-06-21 at 11:06 -0400, Dan Scott wrote:
> Hi,
>
> I'm still running a FreeIPA 1.2 server but have started installing
> Fedora 15 clients and am trying to figure out how to manually setup
> the Krb/LDAP configuration.
>
> I've run the 'authconfig-tui' command and manually setup Krb
> authentication and LDAP authorisation, using DNS discovery for the
> servers. The authentication is working correctly, but when I run 'id
> $USERNAME' I don't receive the correct groups, so I believe that
> Kerberos is working, but the LDAP configuration is wrong. I've turned
> the sssd loglevel up to 100, but I can't figure out why I'm not
> getting the correct groups
>
> My system has a variety of files and I'm not sure which are still in use:
>
> /etc/krb5.conf
> /etc/pam_ldap.conf
> /etc/sssd/sssd.conf
>
> On Fedora 14 and earlier, there used to be an '/etc/nss_ldap.conf' -
> this is not present on F15.
>
> Can anyone help me figure out how to get the group lookups working?

Probably you need to add ldap_schema=rfc2307bis into the [domain/default] section of /etc/sssd/sssd.conf. If you just set authconfig up as an LDAP server, it defaults to ldap_schema = rfc2307, which uses a different attribute on the server to contain group memberships.
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
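
Why the schema setting changes what 'id' reports, as an added illustration that is not part of the original thread: under rfc2307 a client matches bare login names in the memberUid attribute, while under rfc2307bis it matches the user's full DN in the member attribute. The directory entries, DNs and function names below are constructed for the example.

```python
# Added example: constructed directory entries, not taken from the thread.
# Models how a client resolves a user's groups under each ldap_schema value.

# Constructed sample users, keyed by DN.
USERS = {
    "uid=alice,cn=users,dc=example,dc=com": {"uid": "alice", "gidNumber": 1001},
    "uid=bob,cn=users,dc=example,dc=com": {"uid": "bob", "gidNumber": 1002},
}
# Constructed groups: two store members as DNs in "member" (rfc2307bis layout),
# one legacy-style group stores bare login names in "memberUid" (rfc2307 layout).
GROUPS = [
    {"cn": "admins", "gidNumber": 2001,
     "member": ["uid=alice,cn=users,dc=example,dc=com"]},
    {"cn": "staff", "gidNumber": 2002,
     "member": ["uid=alice,cn=users,dc=example,dc=com",
                "uid=bob,cn=users,dc=example,dc=com"]},
    {"cn": "legacy", "gidNumber": 2003, "memberUid": ["bob"]},
]

# Membership attribute and value type each schema expects.
SCHEMA = {
    "rfc2307": ("memberUid", "name"),   # values are bare login names
    "rfc2307bis": ("member", "dn"),     # values are full user DNs
}

def find_user_dn(username):
    """Return the DN of the constructed user entry with this uid."""
    for dn, attrs in USERS.items():
        if attrs["uid"] == username:
            return dn
    raise KeyError(username)

def groups_for(username, ldap_schema):
    """Return sorted names of groups that list the user under this schema."""
    attr, kind = SCHEMA[ldap_schema]
    needle = username if kind == "name" else find_user_dn(username)
    # DNs compare case-insensitively; login names are compared as-is.
    norm = (lambda v: v.lower()) if kind == "dn" else (lambda v: v)
    return sorted(g["cn"] for g in GROUPS
                  if norm(needle) in [norm(v) for v in g.get(attr, [])])

if __name__ == "__main__":
    # With the wrong schema the lookup succeeds but returns no DN-based groups.
    for schema in SCHEMA:
        print(schema, "alice ->", groups_for("alice", schema))
```

A client left on the rfc2307 default still authenticates and still finds the user, which is why the symptom is missing groups rather than a login failure.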
