>Ah so you are using it with trust. Then you should change the configuration to
>not use kerberos but rather LDAP instead.
>More details are here.
Thanks. When I ran ipa-adtrust-install on the servers, I hadn't used the
--enable-compat flag, so I re-ran "ipa-adtrust-install --enable-compat" on all
three IPA servers. I then cleared the sssd cache on the RHEL 5 client and
restarted sssd, but users still couldn't log in. Originally I had run
"ipa-advise config-redhat-sssd-before-1-9" on the server, so I tried re-running
that with "ipa-advise config-redhat-nss-ldap" instead, and ran the resulting
script on the client. Still no success -- I'm still getting the same error.
The current sssd.conf file on the client is:
services = nss, pam
config_file_version = 2
domains = default
re_expression = (?P<name>.+)
cache_credentials = True
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://genet.ipa.middlebury.edu
ldap_search_base = cn=compat,dc=ipa,dc=middlebury,dc=edu
ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project