Jakub!

That worked!!!!!  Many many many thanks!!!!!

I did go back and re-enabled - disallow_bind_anon

What I need to look at next is 'hardening' the setup I have.

Is there a web page explaining 'best practices' or things you want to do for a production setup?

You recommended of not using cn=Manager - understand, is there a recommended account schema to use?
non posix account since I'm using it as part of my search filter?

Seems like I'm using SASL now and was wondering is there a way also to get around of having a password



Thanks!!!

------ Original Message ------
From: "Jakub Hrozek" <[email protected]>
To: [email protected]
Sent: 8/4/2014 9:55:19 AM
Subject: Re: [SSSD] Trying to ssh with sssd/pam configuration

On Mon, Aug 04, 2014 at 01:50:22PM +0000, Sterling Sahaydak wrote:
 Thanks again Jakub.

Then I think the issue, as you mentioned, in my slapd.conf file I have:

 "disallow bind_anon"

 Or would simply commenting that out solve it?

I *think* so, the default is probably allow anon, but I haven't checked.


I'll look into adding sssd to authenticate with the 3 you mentioned and get
 back.

It's OK to use one or the other, you don't have to use both.

btw if you're going to end up using a bind user, I would suggest
creating one just for this purpose and avoid using cn=Manager
_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel

_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel

Reply via email to