Hi,
I'm having an authentication problem on my CentOS 6.3 server, which has
LDAP (openldap-2.4.23-26) and SSSD (sssd-1.8.0-32) installed.
The LDAP server is working fine, but the integration between LDAP and SSSD
has a problem: it cannot authenticate the user on the server.

Can anyone help me identify the problem?
I've reviewed all the configuration and found nothing wrong.

::::: slapd.conf :::::

# Schema definitions loaded by slapd; nis.schema supplies posixAccount and
# the shadow* attributes that the SSSD search in the log asks for.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema

# Accepts LDAPv2 bind requests (legacy protocol).
# NOTE(review): presumably not needed by SSSD, which speaks LDAPv3 - confirm
# no other client depends on it before removing.
allow bind_v2
pidfile /var/run/openldap/slapd.pid

# Server certificate, key and CA are configured, so StartTLS can be offered
# to clients on the ldap:// listener.
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateFile /etc/openldap/servercrt.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem

# Single global ACL covering every entry and every attribute:
#   self      -> write
#   users     -> auth only (any other authenticated DN cannot search or read)
#   anonymous -> read
# As written, unauthenticated clients can read all attributes, including
# userPassword hashes, while authenticated non-root users get less access
# than anonymous ones. The rootdn is not subject to ACLs.
# NOTE(review): the usual hardening is a separate rule for userPassword
# (self write, anonymous auth, everyone else none) ahead of the general rule.
# Keep this comment above the "access" line: slapd joins indented lines to
# the preceding line before it strips comments.
access to *
       by self write
       by users auth
       by anonymous read


# Berkeley DB backend holding the directory tree under the suffix below.
database bdb
suffix "dc=domain,dc=com,dc=br"
checkpoint      1024 15
# rootdn bypasses access control entirely; this same DN is used as the SSSD
# bind identity in the sssd.conf shown in this post.
rootdn "cn=Manager,dc=domain,dc=com,dc=br"
# Value redacted by the poster.
# NOTE(review): if this is stored in cleartext, replace it with a hash
# generated by slappasswd and keep the file readable only by the slapd user.
rootpw          xxxxxxxxxx
directory       /database/ldap

# Indexes for the attributes used in account, group and NIS-map lookups.
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

database monitor

# 768 = 256 (stats) + 512 (stats2): connection/operation/result logging,
# which is what produces the SRCH / SEARCH RESULT lines in syslog.
loglevel        768



::::: sssd.conf :::::
# NOTE(review): this file carries a bind password (ldap_default_authtok);
# SSSD expects it to be owned by root with mode 0600 - confirm.
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
# Responders started by SSSD: name-service lookups and PAM authentication.
services = nss, pam
# Refers to the [domain/default] section below.
domains = default

[nss]
# root is never resolved through SSSD; it stays a purely local account.
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3
# Verbose troubleshooting level; lower it once the problem is resolved.
debug_level = 8

[domain/default]
# Disables validation of the LDAP server certificate, so a TLS session gives
# no assurance about which server is on the other end.
# NOTE(review): acceptable only while debugging; use "demand" with a valid
# CA in ldap_tls_cacertdir for production.
ldap_tls_reqcert = never
auth_provider = ldap
# Identity lookups are not upgraded with StartTLS.
# NOTE(review): sssd-ldap(5) states that LDAP authentication is supported
# only over an encrypted channel (TLS/SSL or LDAPS). With ldap:// and this
# option off, verify that the connection used for the user bind is actually
# encrypted - a likely place to look for the authentication failure.
ldap_id_use_start_tls = False
chpass_provider = ldap
# NOTE(review): auth_provider is ldap, so krb5_realm / krb5_kdcip below look
# like unused leftovers holding example values - confirm and remove.
krb5_realm = EXAMPLE.COM
# Keeps a hashed copy of credentials in the local cache for offline logins.
cache_credentials = True
debug_timestamps = True
ldap_default_authtok_type = password
# Must match a suffix that really exists on the server; the slapd log in this
# post shows the search under this base returning err=32 (noSuchObject).
ldap_search_base = dc=domain,dc=com,dc=br
# Highest verbosity, for troubleshooting only.
debug_level = 9
id_provider = ldap
# Binds as the directory rootdn from the slapd.conf in this post, which is
# not subject to ACLs.
# NOTE(review): prefer a dedicated, read-only service account for SSSD.
ldap_default_bind_dn = cn=Manager,dc=domain,dc=com,dc=br
# Accounts with UID below 100 are ignored by this domain.
min_id = 100
# Plain LDAP to the local host; no transport encryption by itself.
ldap_uri = ldap://localhost/
krb5_kdcip = kerberos.example.com
# Bind password for ldap_default_bind_dn (redacted by the poster); stored in
# this file as a plain "password" type token.
ldap_default_authtok = xxxxxxxxxx
ldap_tls_cacertdir = /etc/openldap/cacerts


:::: nsswitch.conf :::::

# Local files are consulted first, then SSSD ("sss") for users and groups.
passwd:     files sss
# NOTE(review): password verification for SSSD users goes through PAM
# (pam_sss), not through this shadow map - confirm "sss" is needed here.
shadow:     files sss
group:      files sss
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files sss
publickey:  nisplus
# Uses the "ldap" source directly rather than "sss", so automount lookups
# do not go through SSSD and need their own LDAP client configuration.
automount:  files ldap
aliases:    files nisplus

LOG:

Feb 18 14:50:01 primario slapd[16064]: conn=1119 op=185 SRCH
base="dc=domain,dc=com,dc=br" scope=2 deref=0
filter="(&(uid=cristiane)(objectClass=posixAccount))"
Feb 18 14:50:01 primario slapd[16064]: conn=1119 op=185 SRCH
attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory
loginShell krbPrincipalName cn modifyTimestamp modifyTimestamp
shadowLastChange shadowMin shadowMax shadowWarning shadowInactive
shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdAttribute
authorizedService accountExpires userAccountControl nsAccountLock host
loginDisabled loginExpirationTime loginAllowedTimeMap
Feb 18 14:50:01 primario slapd[16064]: conn=1119 op=185 SEARCH RESULT
tag=101 err=32 nentries=0 text=



Thanks
Cristiane
