Re: [CentOS] sssd.conf file missing

2016-06-23 Thread Gordon Messmer

On 06/23/2016 05:23 AM, Kaplan, Andrew H. wrote:

> We are running CentOS 7.2 on a virtual machine, and we are trying to set up
> LDAP authentication.


In an AD environment, it's important to point out that you typically 
can't do "ldap authentication".  You can, but you'll need a service 
account to do it, and none of the work you've described so far indicates 
that you've set one up.


Instead of thinking about AD as LDAP, consider it a set of services that 
should be used together.  Technically, you'll use LDAP for identity and 
Kerberos for authentication, but you should think of AD as providing 
both identity and authentication.


The easy way to use AD is to use the realm tool to set up integration:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/realmd-domain.html

The details of setting up AD manually are described in excruciating 
detail here:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/pdf/Windows_Integration_Guide/Red_Hat_Enterprise_Linux-7-Windows_Integration_Guide-en-US.pdf

If you use realmd, you should not need to edit sssd.conf at all.  If you 
decide to do things manually, I'd still recommend providing the complete 
configuration description to "authconfig" and allowing it to write 
sssd.conf for you.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] sssd.conf file missing

2016-06-23 Thread Kaplan, Andrew H.
Hello -

I have made the following changes to the nsswitch.conf file as suggested by 
another mailing-list member:

Domain = .org
...
Method = nsswitch

and I have restarted idmapd service.

I checked the nsswitch.conf file, and references to sss are mentioned in the 
following lines:

passwd:
shadow:
group:
...
services:
netgroup:
...
automount:

I also ran the following command syntax as root to check the sssd configuration:

sssd -c /etc/sssd/sssd.conf -d2 -i

The output was as follows:

sssd -c /etc/sssd/sssd.conf -d2 -i
(Thu Jun 23 10:44:39:600097 2016) [sssd] [add_implicit_services] (0x0040): 
id_provider is not set for domain [.org], trying next domain.
(Thu Jun 23 10:44:39:600411 2016) [sssd] [confdb_get_domain_internal] (0x0010): 
Unknown domain [.org]
(Thu Jun 23 10:44:39:600443 2016) [sssd] [confdb_get_domains] (0x0010): Error 
(2 [No such file or directory]) retrieving domain [.org], skipping!
(Thu Jun 23 10:44:39:600452 2016) [sssd] [confdb_get_domains] (0x0010): No 
properly configured domains, fatal error!
(Thu Jun 23 10:44:39:600458 2016) [sssd] [get_monitor_config] (0x0010): No 
domains configured.
(Thu Jun 23 10:44:39:600483 2016) [sssd] [main] (0x0020): SSSD couldn't load 
the configuration database.



The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.


Re: [CentOS] sssd.conf file missing

2016-06-23 Thread m . roth
Kaplan, Andrew H. wrote:
> Hello -
>
> I have made the following changes to the nsswitch.conf file as suggested
> by another mailing-list member:
>
> Domain = .org
> ...
> Method = nsswitch
>
> and I have restarted idmapd service.
>

> I also ran the following command syntax as root to check the sssd
> configuration:
>
> sssd -c /etc/sssd/sssd.conf -d2 -i
>
> The output was as follows:
>
> sssd -c /etc/sssd/sssd.conf -d2 -i
> (Thu Jun 23 10:44:39:600097 2016) [sssd] [add_implicit_services] (0x0040):
> id_provider is not set for domain [.org], trying next domain.
> (Thu Jun 23 10:44:39:600411 2016) [sssd] [confdb_get_domain_internal]
> (0x0010): Unknown domain [.org]
> (Thu Jun 23 10:44:39:600443 2016) [sssd] [confdb_get_domains] (0x0010):
> Error (2 [No such file or directory]) retrieving domain [.org],
> skipping!
> (Thu Jun 23 10:44:39:600452 2016) [sssd] [confdb_get_domains] (0x0010): No
> properly configured domains, fatal error!
> (Thu Jun 23 10:44:39:600458 2016) [sssd] [get_monitor_config] (0x0010): No
> domains configured.
> (Thu Jun 23 10:44:39:600483 2016) [sssd] [main] (0x0020): SSSD couldn't
> load the configuration database.
>
Getting in deeper here than I'm familiar with. Have you found this yet:


Got that by googling: CentOS 7 "id provider"

Hope that helps.

 mark



Re: [CentOS] sssd.conf file missing

2016-06-23 Thread Kaplan, Andrew H.
Hello -

I have made the changes to the nsswitch.conf file as suggested, and I have 
restarted idmapd service. I also ran the following command
syntax as root to check the sssd configuration:

sssd -c /etc/sssd/sssd.conf -d2 -i

The output was as follows:

sssd -c /etc/sssd/sssd.conf -d2 -i
(Thu Jun 23 10:44:39:600097 2016) [sssd] [add_implicit_services] (0x0040): 
id_provider is not set for domain [.org], trying next domain.
(Thu Jun 23 10:44:39:600411 2016) [sssd] [confdb_get_domain_internal] (0x0010): 
Unknown domain [.org]
(Thu Jun 23 10:44:39:600443 2016) [sssd] [confdb_get_domains] (0x0010): Error 
(2 [No such file or directory]) retrieving domain [.org], skipping!
(Thu Jun 23 10:44:39:600452 2016) [sssd] [confdb_get_domains] (0x0010): No 
properly configured domains, fatal error!
(Thu Jun 23 10:44:39:600458 2016) [sssd] [get_monitor_config] (0x0010): No 
domains configured.
(Thu Jun 23 10:44:39:600483 2016) [sssd] [main] (0x0020): SSSD couldn't load 
the configuration database.








Re: [CentOS] sssd.conf file missing

2016-06-23 Thread m . roth
Kaplan, Andrew H. wrote:
> Hello --
>
> I have not touched that file.
>
> What change(s) do I need to make there?
>
Please stop top posting.

That *may* affect you later, when you try to NFS mount directories, or it
may be confusing the issue. In any case, it *requires* editing.

First, put in a Domain = .

Then, make sure that Method = nsswitch is uncommented.

Finally, and this is the part that leads me to think there may be an
issue, comment out or delete *all* references in the UMICH_SCHEMA stanza.

Then restart idmapd (on 7, I think it's systemctl restart nfs-idmapd, or
something like that). This is, as I noted, more for NFS, but the
UMICH_SCHEMA being live in there, if idmapd is running, makes me nervous.

 mark


>
>
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> Behalf Of m.r...@5-cent.us
> Sent: Thursday, June 23, 2016 9:36 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] sssd.conf file missing
>
> Kaplan, Andrew H. wrote:
>> Hello --
>>
>> I made the suggested changes to the sssd.conf file, and the results
>> are the same.
>>
>> Just to make sure my syntax is correct:
>>
>> The following section was added to the end of the file:
>>
>> [sssd]
>> debug_level = 4
>> config_file_version = 2
>> domains = company/company.org
>>
> One little detail you may have missed: have you edited /etc/idmapd.conf?
>
>  mark
>>
>> -Original Message-
>> From: l...@avc.su [mailto:l...@avc.su]
>> Sent: Thursday, June 23, 2016 9:08 AM
>> To: Kaplan, Andrew H.; CentOS mailing list
>> Subject: Re: [CentOS] sssd.conf file missing
>>
>> OK, lets dig further.
>>
>> Does your sssd.conf have [sssd] section?
>> Something like
>>
>> [sssd]
>> debug_level = 4
>> config_file_version = 2
>> domains = your-domain-name-here
>>
>> If it's not there, add it and modify the [your-domain-name-here]
>> section so it'll look like this:
>> [domain/your-domain-name-here]
>>
>>
>> 23.06.2016, 15:51, "Kaplan, Andrew H." <ahkap...@partners.org>:
>>> Hello –
>>>
>>> Thank-you for your e-mail. I corrected the syntax in the file, and I
>>> have confirmed the permissions are correct:
>>>
>>> -rw---. 1 root root 266 Jun 23 08:45 sssd.conf
>>>
>>> Unfortunately, the error condition and messages listed in my initial
>>> e-mail are still present.
>>>
>>> From: l...@avc.su [mailto:l...@avc.su]
>>> Sent: Thursday, June 23, 2016 8:34 AM
>>> To: CentOS mailing list; Kaplan, Andrew H.
>>> Subject: Re: [CentOS] sssd.conf file missing
>>>
>>> Hello Andrew.
>>>
>>> The sssd.conf should be owned by root:root, mode 0600.
>>>
>>> Also please note this line in your config:
>>>
>>> [.org]
>>> enumate = true
>>>
>>> it's enumerate, not enumate.
>>>
>>> 23.06.2016, 15:24, "Kaplan, Andrew H." <ahkap...@partners.org>:
>>>
>>>> Hello --
>>>>
>>>> We are running CentOS 7.2 on a virtual machine, and we are trying to
>>>> set up LDAP authentication. The ldap packages that are currently
>>>> installed on the system are the following:
>>>>
>>>> python-sss 1.13.0-40.el7_2.4
>>>> python-sssdconfig 1.13.0-40.el7_2.4
>>>> sssd 1.13.0-40.el7_2.4
>>>> sssd-ad 1.13.0-40.el7_2.4
>>>> sssd-client 1.13.0-40.el7_2.4
>>>> sssd-common 1.13.0-40.el7_2.4
>>>> sssd-common-pac 1.13.0-40.el7_2.4
>>>> sssd-dbus 1.13.0-40.el7_2.4
>>>> sssd-ipa 1.13.0-40.el7_2.4
>>>> sssd-krb5 1.13.0-40.el7_2.4
>>>> sssd-krb5-common 1.13.0-40.el7_2.4
>>>> sssd-ldap 1.13.0-40.el7_2.4
>>>> sssd-libwbclient 1.13.0-40.el7_2.4
>>>> sssd-libwbclient-devel 1.13.0-40.el7_2.4
>>>> sssd-proxy 1.13.0-40.el7_2.4
>>>> sssd-tools 1.13.0-40.el7_2.4
>>>>
>>>> I ran the following commands to set up LDAP/AD authentication:
>>>>
>>>> # ln -s /bin/bash /bin/PHSshell
>>>> # ln -s /home /PHShome
>>>> # authconfig --enablesssdauth --enablemkhomedir --enablesssd -update
>>>> # chkconfig sssd on
>>>> # service sssd restart
>>>>
>>>> Initially, I ran into problems because I had not created an
>>>> sssd.conf file. Eventually I did create one, and its contents are the
>>>> following:
>>>>
>>>> [.org]

Re: [CentOS] sssd.conf file missing

2016-06-23 Thread Kaplan, Andrew H.
Hello --

I have not touched that file. 

What change(s) do I need to make there?



-----Original Message-----
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
m.r...@5-cent.us
Sent: Thursday, June 23, 2016 9:36 AM
To: CentOS mailing list
Subject: Re: [CentOS] sssd.conf file missing

Kaplan, Andrew H. wrote:
> Hello --
>
> I made the suggested changes to the sssd.conf file, and the results 
> are the same.
>
> Just to make sure my syntax is correct:
>
> The following section was added to the end of the file:
>
> [sssd]
> debug_level = 4
> config_file_version = 2
> domains = company/company.org
>
One little detail you may have missed: have you edited /etc/idmapd.conf?

 mark
>
> -Original Message-
> From: l...@avc.su [mailto:l...@avc.su]
> Sent: Thursday, June 23, 2016 9:08 AM
> To: Kaplan, Andrew H.; CentOS mailing list
> Subject: Re: [CentOS] sssd.conf file missing
>
> OK, lets dig further.
>
> Does your sssd.conf have [sssd] section?
> Something like
>
> [sssd]
> debug_level = 4
> config_file_version = 2
> domains = your-domain-name-here
>
> If it's not there, add it and modify the [your-domain-name-here] 
> section so it'll look like this:
> [domain/your-domain-name-here]
>
>
> 23.06.2016, 15:51, "Kaplan, Andrew H." <ahkap...@partners.org>:
>> Hello –
>>
>> Thank-you for your e-mail. I corrected the syntax in the file, and I 
>> have confirmed the permissions are correct:
>>
>> -rw---. 1 root root 266 Jun 23 08:45 sssd.conf
>>
>> Unfortunately, the error condition and messages listed in my initial 
>> e-mail are still present.
>>
>> From: l...@avc.su [mailto:l...@avc.su]
>> Sent: Thursday, June 23, 2016 8:34 AM
>> To: CentOS mailing list; Kaplan, Andrew H.
>> Subject: Re: [CentOS] sssd.conf file missing
>>
>> Hello Andrew.
>>
>> The sssd.conf should be owned by root:root, mode 0600.
>>
>> Also please note this line in your config:
>>
>> [.org]
>> enumate = true
>>
>> it's enumerate, not enumate.
>>
>> 23.06.2016, 15:24, "Kaplan, Andrew H." <ahkap...@partners.org>:
>>
>>> Hello --
>>>
>>> We are running CentOS 7.2 on a virtual machine, and we are trying to 
>>> set up LDAP authentication. The ldap packages that are currently 
>>> installed on the system are the following:
>>>
>>> python-sss 1.13.0-40.el7_2.4
>>> python-sssdconfig 1.13.0-40.el7_2.4
>>> sssd 1.13.0-40.el7_2.4
>>> sssd-ad 1.13.0-40.el7_2.4
>>> sssd-client 1.13.0-40.el7_2.4
>>> sssd-common 1.13.0-40.el7_2.4
>>> sssd-common-pac 1.13.0-40.el7_2.4
>>> sssd-dbus 1.13.0-40.el7_2.4
>>> sssd-ipa 1.13.0-40.el7_2.4
>>> sssd-krb5 1.13.0-40.el7_2.4
>>> sssd-krb5-common 1.13.0-40.el7_2.4
>>> sssd-ldap 1.13.0-40.el7_2.4
>>> sssd-libwbclient 1.13.0-40.el7_2.4
>>> sssd-libwbclient-devel 1.13.0-40.el7_2.4
>>> sssd-proxy 1.13.0-40.el7_2.4
>>> sssd-tools 1.13.0-40.el7_2.4
>>>
>>> I ran the following commands to set up LDAP/AD authentication:
>>>
>>> # ln -s /bin/bash /bin/PHSshell
>>> # ln -s /home /PHShome
>>> # authconfig --enablesssdauth --enablemkhomedir --enablesssd -update 
>>> # chkconfig sssd on
>>> # service sssd restart
>>>
>>> Initially, I ran into problems because I had not created an 
>>> sssd.conf file. Eventually I did create one, and its contents are the 
>>> following:
>>>
>>> [.org]
>>> enumate = true
>>> cache_credentials = TRUE
>>>
>>> id_provider = ldap
>>> auth_provider = ldap
>>> chpass_provider = ldap
>>>
>>> ldap_uri = ldap://ldap..org
>>> ldap_search_base = dc=,dc=org
>>> tls_reqcert = demand
>>> ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt
>>>
>>> If there are any additions or corrections that I need to make, 
>>> please let me know.
>>>
>>> I reran the service sssd restart command, and the error message that 
>>> I am seeing via journalctl -xe is the following:
>>>
>>> Unit sssd.service has begun starting up.
>>> Jun 22 16:05:34 roadtest2.partners.org sssd[6384]: SSSD couldn't 
>>> load the configuration database [5]: Input/output error.
>>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service:
>>> control process exited, code=exited status=4
>>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Failed to start System
>>> Security Services

Re: [CentOS] sssd.conf file missing

2016-06-23 Thread l
Almost :)

In [sssd]:
not 'domains = company/company.org' but 'domains = company.org'

and the section with all your LDAP configs should be called [domain/company.org]

'man sssd.conf' has the basic conf example.
Looking at my own conf, I'm seeing a 'services' line under the [sssd] section. I 
thought it has default values, but apparently it doesn't. Let's alter your conf 
so it'll look like this:

[domain/company.org]
all-your-ldap-confs

[sssd]
debug_level = 4
config_file_version = 2
domains = company.org
services  = nss,pam

[nss]
debug_level = 1

[pam]
debug_level = 1

Also you can debug interactively:
sudo sssd -c /etc/sssd/sssd.conf -d2 -i
It will throw all its logs to your console.

By the way, I've noted this line in your initial email:
authconfig --enablesssdauth --enablemkhomedir --enablesssd -update 
As far as I remember, '-update' should have two dashes, '--update'.
If you don't see 'sss' in some lines in /etc/nsswitch.conf, you should re-run 
authconfig. But that's part of another problem, I think.



23.06.2016, 16:18, "Kaplan, Andrew H." <ahkap...@partners.org>:
> Hello --
>
> I made the suggested changes to the sssd.conf file, and the results are the 
> same.
>
> Just to make sure my syntax is correct:
>
> The following section was added to the end of the file:
>
> [sssd]
> debug_level = 4
> config_file_version = 2
> domains = company/company.org
>
> -Original Message-
> From: l...@avc.su [mailto:l...@avc.su]
> Sent: Thursday, June 23, 2016 9:08 AM
> To: Kaplan, Andrew H.; CentOS mailing list
> Subject: Re: [CentOS] sssd.conf file missing
>
> OK, lets dig further.
>
> Does your sssd.conf have [sssd] section?
> Something like
>
> [sssd]
> debug_level = 4
> config_file_version = 2
> domains = your-domain-name-here
>
> If it's not there, add it and modify the [your-domain-name-here] section so 
> it'll look like this:
> [domain/your-domain-name-here]
>
> 23.06.2016, 15:51, "Kaplan, Andrew H." <ahkap...@partners.org>:
>>  Hello –
>>
>>  Thank-you for your e-mail. I corrected the syntax in the file, and I have 
>> confirmed the permissions are correct:
>>
>>  -rw---. 1 root root 266 Jun 23 08:45 sssd.conf
>>
>>  Unfortunately, the error condition and messages listed in my initial e-mail 
>> are still present.
>>
>>  From: l...@avc.su [mailto:l...@avc.su]
>>  Sent: Thursday, June 23, 2016 8:34 AM
>>  To: CentOS mailing list; Kaplan, Andrew H.
>>  Subject: Re: [CentOS] sssd.conf file missing
>>
>>  Hello Andrew.
>>
>>  The sssd.conf should be owned by root:root, mode 0600.
>>
>>  Also please note this line in your config:
>>
>>  [.org]
>>  enumate = true
>>
>>  it's enumerate, not enumate.
>>
>>  23.06.2016, 15:24, "Kaplan, Andrew H." <ahkap...@partners.org>:
>>
>>>  Hello --
>>>
>>>  We are running CentOS 7.2 on a virtual machine, and we are trying to set 
>>> up LDAP authentication. The ldap packages that are currently installed on 
>>> the system are the following:
>>>
>>>  python-sss 1.13.0-40.el7_2.4
>>>  python-sssdconfig 1.13.0-40.el7_2.4
>>>  sssd 1.13.0-40.el7_2.4
>>>  sssd-ad 1.13.0-40.el7_2.4
>>>  sssd-client 1.13.0-40.el7_2.4
>>>  sssd-common 1.13.0-40.el7_2.4
>>>  sssd-common-pac 1.13.0-40.el7_2.4
>>>  sssd-dbus 1.13.0-40.el7_2.4
>>>  sssd-ipa 1.13.0-40.el7_2.4
>>>  sssd-krb5 1.13.0-40.el7_2.4
>>>  sssd-krb5-common 1.13.0-40.el7_2.4
>>>  sssd-ldap 1.13.0-40.el7_2.4
>>>  sssd-libwbclient 1.13.0-40.el7_2.4
>>>  sssd-libwbclient-devel 1.13.0-40.el7_2.4
>>>  sssd-proxy 1.13.0-40.el7_2.4
>>>  sssd-tools 1.13.0-40.el7_2.4
>>>
>>>  I ran the following commands to set up LDAP/AD authentication:
>>>
>>>  # ln -s /bin/bash /bin/PHSshell
>>>  # ln -s /home /PHShome
>>>  # authconfig --enablesssdauth --enablemkhomedir --enablesssd -update
>>>  # chkconfig sssd on
>>>  # service sssd restart
>>>
>>>  Initially, I ran into problems because I had not created an sssd.conf 
>>> file. Eventually I did create one, and its contents are the following:
>>>
>>>  [.org]
>>>  enumate = true
>>>  cache_credentials = TRUE
>>>
>>>  id_provider = ldap
>>>  auth_provider = ldap
>>>  chpass_provider = ldap
>>>
>>>  ldap_uri = ldap://ldap..org
>>>  ldap_search_base = dc=,dc=org
>>>  tls_reqcert = demand
>>>  ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt
>>>
>>>  If there are any additions or correcti
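
Added example, not part of the thread and not code from SSSD or from any poster: a small Python lint that applies the checks raised in this thread (an [sssd] section naming a bare domain, a matching [domain/NAME] section with id_provider set, `key = value` lines, likely option typos, root:root with mode 0600) to a constructed copy of the posted file. The `company.org` samples, the function names, the finding codes and the short `KNOWN` option list are assumptions made for illustration.

```python
import difflib
import re
import stat

# Constructed samples; "company.org" is the thread's placeholder domain.
BROKEN = """\
[company.org]
enumate = true
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.company.org
ldap_search_base = dc=company,dc=org
tls_reqcert = demand
ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt

[sssd]
debug_level = 4
config_file_version = 2
domains = company/company.org
"""

FIXED = """\
[domain/company.org]
enumerate = true
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.company.org
ldap_search_base = dc=company,dc=org
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt

[sssd]
config_file_version = 2
domains = company.org
services = nss,pam
"""

SERVICE_SECTIONS = {"sssd", "nss", "pam"}
# Assumption: only the domain options seen in this thread; extend from
# sssd.conf(5) and sssd-ldap(5) before running it on a real file.
KNOWN = ["auth_provider", "cache_credentials", "chpass_provider", "enumerate",
         "id_provider", "ldap_search_base", "ldap_tls_cacert",
         "ldap_tls_reqcert", "ldap_uri"]


def lint(text):
    """Return sorted (line, code, message) findings for sssd.conf text."""
    out, sections, where, current = [], {}, {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.match(r"^\[([^\]]+)\]$", line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, {})
            where[current] = n
            if current not in SERVICE_SECTIONS and not current.startswith("domain/"):
                out.append((n, "bad-section", "rename to [domain/%s]" % current))
            continue
        if "=" not in line or current is None:
            out.append((n, "bad-line", "expected 'key = value' in a section"))
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        sections[current][key] = value
        where[current, key] = n
        # Only domain-like sections are checked against the option subset.
        if current not in SERVICE_SECTIONS and key not in KNOWN:
            near = difflib.get_close_matches(key, KNOWN, 1, 0.75)
            if near:
                out.append((n, "possible-typo", "%s -> %s?" % (key, near[0])))
    sssd = sections.get("sssd")
    if sssd is None:
        return sorted(out + [(0, "no-sssd-section", "add an [sssd] section")])
    if "services" not in sssd:  # the thread's advice: list nss,pam explicitly
        out.append((where["sssd"], "no-services", "add services = nss,pam"))
    names = [d.strip() for d in sssd.get("domains", "").split(",") if d.strip()]
    for name in names:
        n, dom = where["sssd", "domains"], sections.get("domain/" + name)
        if "/" in name:
            out.append((n, "bad-domain-name", "use the bare domain name"))
        elif dom is None:
            out.append((n, "no-domain-section", "missing [domain/%s]" % name))
        elif "id_provider" not in dom:
            out.append((n, "no-id-provider", "set id_provider in [domain/%s]" % name))
    return sorted(out)


def check_mode(st_mode, st_uid, st_gid):
    mode, bad = stat.S_IMODE(st_mode), []  # thread's rule: root:root, 0600
    if mode != 0o600:
        bad.append("mode is %04o, expected 0600" % mode)
    if (st_uid, st_gid) != (0, 0):
        bad.append("owner is %d:%d, expected 0:0" % (st_uid, st_gid))
    return bad


if __name__ == "__main__":
    for finding in lint(BROKEN):
        print("line %d: %s: %s" % finding)
```

On a real host, pass the fields of `os.stat("/etc/sssd/sssd.conf")` to `check_mode` and the file's text to `lint`.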

Re: [CentOS] sssd.conf file missing

2016-06-23 Thread m . roth
Kaplan, Andrew H. wrote:
> Hello --
>
> I made the suggested changes to the sssd.conf file, and the results are
> the same.
>
> Just to make sure my syntax is correct:
>
> The following section was added to the end of the file:
>
> [sssd]
> debug_level = 4
> config_file_version = 2
> domains = company/company.org
>
One little detail you may have missed: have you edited /etc/idmapd.conf?

 mark
>
> -Original Message-
> From: l...@avc.su [mailto:l...@avc.su]
> Sent: Thursday, June 23, 2016 9:08 AM
> To: Kaplan, Andrew H.; CentOS mailing list
> Subject: Re: [CentOS] sssd.conf file missing
>
> OK, lets dig further.
>
> Does your sssd.conf have [sssd] section?
> Something like
>
> [sssd]
> debug_level = 4
> config_file_version = 2
> domains = your-domain-name-here
>
> If it's not there, add it and modify the [your-domain-name-here] section
> so it'll look like this:
> [domain/your-domain-name-here]
>
>
> 23.06.2016, 15:51, "Kaplan, Andrew H." <ahkap...@partners.org>:
>> Hello –
>>
>> Thank-you for your e-mail. I corrected the syntax in the file, and I
>> have confirmed the permissions are correct:
>>
>> -rw---. 1 root root 266 Jun 23 08:45 sssd.conf
>>
>> Unfortunately, the error condition and messages listed in my initial
>> e-mail are still present.
>>
>> From: l...@avc.su [mailto:l...@avc.su]
>> Sent: Thursday, June 23, 2016 8:34 AM
>> To: CentOS mailing list; Kaplan, Andrew H.
>> Subject: Re: [CentOS] sssd.conf file missing
>>
>> Hello Andrew.
>>
>> The sssd.conf should be owned by root:root, mode 0600.
>>
>> Also please note this line in your config:
>>
>> [.org]
>> enumate = true
>>
>> it's enumerate, not enumate.
>>
>> 23.06.2016, 15:24, "Kaplan, Andrew H." <ahkap...@partners.org>:
>>
>>> Hello --
>>>
>>> We are running CentOS 7.2 on a virtual machine, and we are trying to
>>> set up LDAP authentication. The ldap packages that are currently
>>> installed on the system are the following:
>>>
>>> python-sss 1.13.0-40.el7_2.4
>>> python-sssdconfig 1.13.0-40.el7_2.4
>>> sssd 1.13.0-40.el7_2.4
>>> sssd-ad 1.13.0-40.el7_2.4
>>> sssd-client 1.13.0-40.el7_2.4
>>> sssd-common 1.13.0-40.el7_2.4
>>> sssd-common-pac 1.13.0-40.el7_2.4
>>> sssd-dbus 1.13.0-40.el7_2.4
>>> sssd-ipa 1.13.0-40.el7_2.4
>>> sssd-krb5 1.13.0-40.el7_2.4
>>> sssd-krb5-common 1.13.0-40.el7_2.4
>>> sssd-ldap 1.13.0-40.el7_2.4
>>> sssd-libwbclient 1.13.0-40.el7_2.4
>>> sssd-libwbclient-devel 1.13.0-40.el7_2.4
>>> sssd-proxy 1.13.0-40.el7_2.4
>>> sssd-tools 1.13.0-40.el7_2.4
>>>
>>> I ran the following commands to set up LDAP/AD authentication:
>>>
>>> # ln -s /bin/bash /bin/PHSshell
>>> # ln -s /home /PHShome
>>> # authconfig --enablesssdauth --enablemkhomedir --enablesssd -update
>>> # chkconfig sssd on
>>> # service sssd restart
>>>
>>> Initially, I ran into problems because I had not created an sssd.conf
>>> file. Eventually I did create one, and its contents are the following:
>>>
>>> [.org]
>>> enumate = true
>>> cache_credentials = TRUE
>>>
>>> id_provider = ldap
>>> auth_provider = ldap
>>> chpass_provider = ldap
>>>
>>> ldap_uri = ldap://ldap..org
>>> ldap_search_base = dc=,dc=org
>>> tls_reqcert = demand
>>> ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt
>>>
>>> If there are any additions or corrections that I need to make, please
>>> let me know.
>>>
>>> I reran the service sssd restart command, and the error message that I
>>> am seeing via journalctl -xe is the following:
>>>
>>> Unit sssd.service has begun starting up.
>>> Jun 22 16:05:34 roadtest2.partners.org sssd[6384]: SSSD couldn't load
>>> the configuration database [5]: Input/output error.
>>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service:
>>> control process exited, code=exited status=4
>>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Failed to start System
>>> Security Services Daemon.
>>> -- Subject: Unit sssd.service has failed
>>> -- Defined-By: systemd
>>> -- Support:
>>> http://lists.freedesktop.org/mailman.../systemd-devel<http://lists.freedesktop.org/mailman/listinfo/systemd-devel>
>>>
>>> --
>>> -- Unit sssd.service has faile

Re: [CentOS] sssd.conf file missing

2016-06-23 Thread Kaplan, Andrew H.
Hello --

I made the suggested changes to the sssd.conf file, and the results are the 
same. 

Just to make sure my syntax is correct:

The following section was added to the end of the file:

[sssd]
debug_level = 4
config_file_version = 2
domains = company/company.org


-----Original Message-----
From: l...@avc.su [mailto:l...@avc.su] 
Sent: Thursday, June 23, 2016 9:08 AM
To: Kaplan, Andrew H.; CentOS mailing list
Subject: Re: [CentOS] sssd.conf file missing

OK, lets dig further.

Does your sssd.conf have [sssd] section? 
Something like 

[sssd]
debug_level = 4
config_file_version = 2
domains = your-domain-name-here

If it's not there, add it and modify the [your-domain-name-here] section so 
it'll look like this:
[domain/your-domain-name-here]


23.06.2016, 15:51, "Kaplan, Andrew H." <ahkap...@partners.org>:
> Hello –
>
> Thank-you for your e-mail. I corrected the syntax in the file, and I have 
> confirmed the permissions are correct:
>
> -rw---. 1 root root 266 Jun 23 08:45 sssd.conf
>
> Unfortunately, the error condition and messages listed in my initial e-mail 
> are still present.
>
> From: l...@avc.su [mailto:l...@avc.su]
> Sent: Thursday, June 23, 2016 8:34 AM
> To: CentOS mailing list; Kaplan, Andrew H.
> Subject: Re: [CentOS] sssd.conf file missing
>
> Hello Andrew.
>
> The sssd.conf should be owned by root:root, mode 0600.
>
> Also please note this line in your config:
>
> [.org]
> enumate = true
>
> it's enumerate, not enumate.
>
> 23.06.2016, 15:24, "Kaplan, Andrew H." <ahkap...@partners.org>:
>
>> Hello --
>>
>> We are running CentOS 7.2 on a virtual machine, and we are trying to set up 
>> LDAP authentication. The ldap packages that are currently installed on the 
>> system are the following:
>>
>> python-sss 1.13.0-40.el7_2.4
>> python-sssdconfig 1.13.0-40.el7_2.4
>> sssd 1.13.0-40.el7_2.4
>> sssd-ad 1.13.0-40.el7_2.4
>> sssd-client 1.13.0-40.el7_2.4
>> sssd-common 1.13.0-40.el7_2.4
>> sssd-common-pac 1.13.0-40.el7_2.4
>> sssd-dbus 1.13.0-40.el7_2.4
>> sssd-ipa 1.13.0-40.el7_2.4
>> sssd-krb5 1.13.0-40.el7_2.4
>> sssd-krb5-common 1.13.0-40.el7_2.4
>> sssd-ldap 1.13.0-40.el7_2.4
>> sssd-libwbclient 1.13.0-40.el7_2.4
>> sssd-libwbclient-devel 1.13.0-40.el7_2.4
>> sssd-proxy 1.13.0-40.el7_2.4
>> sssd-tools 1.13.0-40.el7_2.4
>>
>> I ran the following commands to set up LDAP/AD authentication:
>>
>> # ln -s /bin/bash /bin/PHSshell
>> # ln -s /home /PHShome
>> # authconfig --enablesssdauth --enablemkhomedir --enablesssd -update 
>> # chkconfig sssd on
>> # service sssd restart
>>
>> Initially, I ran into problems because I had not created an sssd.conf file. 
>> Eventually I did create one, and its contents are the following:
>>
>> [.org]
>> enumate = true
>> cache_credentials = TRUE
>>
>> id_provider = ldap
>> auth_provider = ldap
>> chpass_provider = ldap
>>
>> ldap_uri = ldap://ldap..org
>> ldap_search_base = dc=,dc=org
>> tls_reqcert = demand
>> ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt
>>
>> If there are any additions or corrections that I need to make, please let me 
>> know.
>>
>> I reran the service sssd restart command, and the error message that I am 
>> seeing via journalctl -xe is the following:
>>
>> Unit sssd.service has begun starting up.
>> Jun 22 16:05:34 roadtest2.partners.org sssd[6384]: SSSD couldn't load the 
>> configuration database [5]: Input/output error.
>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service:
>> control process exited, code=exited status=4
>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Failed to start System
>> Security Services Daemon.
>> -- Subject: Unit sssd.service has failed
>> -- Defined-By: systemd
>> -- Support:
>> http://lists.freedesktop.org/mailman.../systemd-devel<http://lists.freedesktop.org/mailman/listinfo/systemd-devel>
>>
>> --
>> -- Unit sssd.service has failed.
>> --
>> -- The result is failed.
>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Unit sssd.service entered 
>> failed state.
>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service failed.
>> Jun 22 16:05:34 roadtest2.partners.org polkitd[787]: Unregistered 
>> Authentication Agent for unix-process:6369:52587318 (system bus name 
>> :1.2287, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, 
>> locale en_US.UTF-8) (disconnected from bus)
>>
>> Any ideas?
>>

Re: [CentOS] sssd.conf file missing

2016-06-23 Thread l
OK, let's dig further.

Does your sssd.conf have an [sssd] section?
Something like

[sssd]
debug_level = 4
config_file_version = 2
domains = your-domain-name-here

If it's not there, add it and modify the [your-domain-name-here] section so 
it'll look like this:
[domain/your-domain-name-here]


23.06.2016, 15:51, "Kaplan, Andrew H." <ahkap...@partners.org>:
> Hello –
>
> Thank-you for your e-mail. I corrected the syntax in the file, and I have 
> confirmed the permissions are correct:
>
> -rw---. 1 root root 266 Jun 23 08:45 sssd.conf
>
> Unfortunately, the error condition and messages listed in my initial e-mail 
> are still present.
>
> From: l...@avc.su [mailto:l...@avc.su]
> Sent: Thursday, June 23, 2016 8:34 AM
> To: CentOS mailing list; Kaplan, Andrew H.
> Subject: Re: [CentOS] sssd.conf file missing
>
> Hello Andrew.
>
> The sssd.conf should be owned by root:root, mode 0600.
>
> Also please note this line in your config:
>
> [.org]
> enumate = true
>
> it's enumerate, not enumate.
>
> 23.06.2016, 15:24, "Kaplan, Andrew H." <ahkap...@partners.org>:
>
>> Hello --
>>
>> We are running CentOS 7.2 on a virtual machine, and we are trying to set up 
>> LDAP authentication. The ldap packages that are currently installed on the 
>> system are the following:
>>
>> python-sss 1.13.0-40.el7_2.4
>> python-sssdconfig 1.13.0-40.el7_2.4
>> sssd 1.13.0-40.el7_2.4
>> sssd-ad 1.13.0-40.el7_2.4
>> sssd-client 1.13.0-40.el7_2.4
>> sssd-common 1.13.0-40.el7_2.4
>> sssd-common-pac 1.13.0-40.el7_2.4
>> sssd-dbus 1.13.0-40.el7_2.4
>> sssd-ipa 1.13.0-40.el7_2.4
>> sssd-krb5 1.13.0-40.el7_2.4
>> sssd-krb5-common 1.13.0-40.el7_2.4
>> sssd-ldap 1.13.0-40.el7_2.4
>> sssd-libwbclient 1.13.0-40.el7_2.4
>> sssd-libwbclient-devel 1.13.0-40.el7_2.4
>> sssd-proxy 1.13.0-40.el7_2.4
>> sssd-tools 1.13.0-40.el7_2.4
>>
>> I ran the following commands to set up LDAP/AD authentication:
>>
>> # ln -s /bin/bash /bin/PHSshell
>> # ln -s /home /PHShome
>> # authconfig --enablesssdauth --enablemkhomedir --enablesssd -update
>> # chkconfig sssd on
>> # service sssd restart
>>
>> Initially, I ran into problems because I had not created an sssd.conf file. 
>> Eventually I did create one, and its contents are the following:
>>
>> [.org]
>> enumate = true
>> cache_credentials = TRUE
>>
>> id_provider = ldap
>> auth_provider = ldap
>> chpass_provider = ldap
>>
>> ldap_uri = ldap://ldap..org
>> ldap_search_base = dc=,dc=org
>> tls_reqcert = demand
>> ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt
>>
>> If there are any additions or corrections that I need to make, please let me 
>> know.
>>
>> I reran the service sssd restart command, and the error message that I am 
>> seeing via journalctl -xe is the following:
>>
>> Unit sssd.service has begun starting up.
>> Jun 22 16:05:34 roadtest2.partners.org sssd[6384]: SSSD couldn't load the 
>> configuration database [5]: Input/output error.
>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service: control 
>> process exited, code=exited status=4
>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Failed to start System 
>> Security Services Daemon.
>> -- Subject: Unit sssd.service has failed
>> -- Defined-By: systemd
>> -- Support: 
>> http://lists.freedesktop.org/mailman.../systemd-devel<http://lists.freedesktop.org/mailman/listinfo/systemd-devel>
>>
>> --
>> -- Unit sssd.service has failed.
>> --
>> -- The result is failed.
>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Unit sssd.service entered 
>> failed state.
>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service failed.
>> Jun 22 16:05:34 roadtest2.partners.org polkitd[787]: Unregistered 
>> Authentication Agent for unix-process:6369:52587318 (system bus name :1.2287,
>> object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale 
>> en_US.UTF-8) (disconnected from bus)
>>
>> Any ideas?
>>


Re: [CentOS] sssd.conf file missing

2016-06-23 Thread Kaplan, Andrew H.
Hello –

Thank you for your e-mail. I corrected the syntax in the file, and I have 
confirmed the permissions are correct:

-rw-------. 1 root root 266 Jun 23 08:45 sssd.conf

Unfortunately, the error condition and messages listed in my initial e-mail are 
still present.



From: l...@avc.su [mailto:l...@avc.su]
Sent: Thursday, June 23, 2016 8:34 AM
To: CentOS mailing list; Kaplan, Andrew H.
Subject: Re: [CentOS] sssd.conf file missing

Hello Andrew.

The sssd.conf should be owned by root:root, mode 0600.
Also please note this line in your config:


[.org]
enumate = true

It's enumerate, not enumate.



23.06.2016, 15:24, "Kaplan, Andrew H." <ahkap...@partners.org>:

Hello --

We are running CentOS 7.2 on a virtual machine, and we are trying to set up 
LDAP authentication. The ldap packages that are currently installed on the 
system are the following:

python-sss 1.13.0-40.el7_2.4
python-sssdconfig 1.13.0-40.el7_2.4
sssd 1.13.0-40.el7_2.4
sssd-ad 1.13.0-40.el7_2.4
sssd-client 1.13.0-40.el7_2.4
sssd-common 1.13.0-40.el7_2.4
sssd-common-pac 1.13.0-40.el7_2.4
sssd-dbus 1.13.0-40.el7_2.4
sssd-ipa 1.13.0-40.el7_2.4
sssd-krb5 1.13.0-40.el7_2.4
sssd-krb5-common 1.13.0-40.el7_2.4
sssd-ldap 1.13.0-40.el7_2.4
sssd-libwbclient 1.13.0-40.el7_2.4
sssd-libwbclient-devel 1.13.0-40.el7_2.4
sssd-proxy 1.13.0-40.el7_2.4
sssd-tools 1.13.0-40.el7_2.4

I ran the following commands to set up LDAP/AD authentication:

# ln -s /bin/bash /bin/PHSshell
# ln -s /home /PHShome
# authconfig --enablesssdauth --enablemkhomedir --enablesssd -update
# chkconfig sssd on
# service sssd restart

Initially, I ran into problems because I had not created an sssd.conf file. 
Eventually I did create one, and its contents are the following:

[.org]
enumate = true
cache_credentials = TRUE

id_provider = ldap
auth_provider = ldap
chpass_provider = ldap

ldap_uri = ldap://ldap..org
ldap_search_base = dc=,dc=org
tls_reqcert = demand
ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt

If there are any additions or corrections that I need to make, please let me 
know.

I reran the service sssd restart command, and the error message that I am 
seeing via journalctl -xe is the following:

Unit sssd.service has begun starting up.
Jun 22 16:05:34 roadtest2.partners.org sssd[6384]: SSSD couldn't load the 
configuration database [5]: Input/output error.
Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service: control 
process exited, code=exited status=4
Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Failed to start System 
Security Services Daemon.
-- Subject: Unit sssd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit sssd.service has failed.
--
-- The result is failed.
Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Unit sssd.service entered 
failed state.
Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service failed.
Jun 22 16:05:34 roadtest2.partners.org polkitd[787]: Unregistered 
Authentication Agent for unix-process:6369:52587318 (system bus name :1.2287,
object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale 
en_US.UTF-8) (disconnected from bus)

Any ideas?


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
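
The points raised in the reply quoted above (sssd.conf owned by root:root with mode 0600, and the misspelled `enumerate`) can be checked mechanically before restarting sssd. The Python sketch below is an added example, not part of any poster's message or of SSSD itself; it also checks that every option line has a `key = value` form and that an `[sssd]` section exists. The names `lint_sssd_conf`, `KNOWN`, `SAMPLE` and the `example.org` domain are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Subset of real SSSD domain options; extend from sssd.conf(5)/sssd-ldap(5).
KNOWN = {"enumerate", "cache_credentials", "id_provider", "auth_provider",
         "chpass_provider", "ldap_uri", "ldap_search_base",
         "ldap_tls_reqcert", "ldap_tls_cacert"}

# Constructed sample; example.org is a placeholder, not the poster's domain.
SAMPLE = """[domain/example.org]
enumate = true
id_provider = ldap
ldap_uri = ldap://ldap.example.org
ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt
"""


def lint_sssd_conf(path, owner_uid=0):
    """Return a list of problems found in the sssd.conf at `path`."""
    st, problems, sections = os.stat(path), [], []
    if stat.S_IMODE(st.st_mode) != 0o600:
        problems.append("mode %04o, expected 0600" % stat.S_IMODE(st.st_mode))
    if st.st_uid != owner_uid:
        problems.append("owner uid %d, expected %d" % (st.st_uid, owner_uid))
    with open(path) as fh:
        for n, line in enumerate((raw.strip() for raw in fh), 1):
            if not line or line[0] in "#;":
                continue
            if line.startswith("[") and line.endswith("]"):
                sections.append(line[1:-1])
            elif "=" not in line:
                problems.append("line %d: missing '='" % n)
            elif sections and sections[-1].startswith("domain/"):
                key = line.split("=", 1)[0].strip()
                if key not in KNOWN:
                    problems.append("line %d: unknown option %s" % (n, key))
    if "sssd" not in sections:
        problems.append("no [sssd] section")
    return problems


def demo():
    """Lint SAMPLE from a temp file that is world-readable (mode 0644)."""
    with tempfile.NamedTemporaryFile("w", suffix=".conf") as fh:
        fh.write(SAMPLE)
        fh.flush()
        os.chmod(fh.name, 0o644)
        return lint_sssd_conf(fh.name, owner_uid=os.getuid())
```

On a real host, call `lint_sssd_conf("/etc/sssd/sssd.conf")` as root; the default `owner_uid=0` then enforces root ownership.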