> On (05/06/14 16:43), Robert Zmijan wrote: >>> On Wed, Jun 04, 2014 at 11:54:39PM +0100, Robert Zmijan wrote: >>>>> On 06/04/2014 04:13 PM, Robert Zmijan wrote: >>>>>>> On Wed, 2014-06-04 at 18:15 +0100, Robert Zmijan wrote: >>>>>>>> Hi >>>>>>>> >>>>>>>> I want to setup sssd to use ldap_default_bind_dn and >>>>>>>> ldap_default_authok. currently I have in my sssd.conf >>>>>>>> ldap_default_bind_dn = cn=sssd,ou=services,dc=myhost,dc=net >>>>>>>> ldap_default_authok = mypassword I understand that I would >>>>>>>> have to put 'mypassword' in ldap under the name of 'sssd' >>>>>>>> the problem I'm facing is that when i type: sss_obfuscate I >>>>>>>> get this: >>>>>>>> >>>>>>>> File "/usr/sbin/sss_obfuscate", line 81 print "Cannot read >>>>>>>> internal configuration files" >>>>>>> >>>>>>> chmod 0600 /etc/sssd/sssd.conf >>>>>>> >>>>> >>>>>> Just did that. running sss_obuscate has still the same effect as >>>>>> above: >>>>> >>>>>> File "/usr/sbin/sss_obfuscate", line 81 print "Cannot read >>>>>> internal configuration files" >>>>> >>>>>> Syntax Error: invalid syntax >>>>> >>>>> "invalid syntax" probably means you have an error in the config >>>>> file. Mind including it so we can help you spot the syntax error? >>>> >>>> Sure, did you mean sssd.conf? >>>> >>>> here it is >>>> >>>> [sssd] >>>> config_file_version = 2 >>>> services = nss, pam >>>> domains = LDAP >>>> >>>> [nss] >>>> >>>> filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd >>>> >>>> >>>> [pam] >>>> >>>> # Example LDAP domain >>>> [domain/LDAP] >>>> id_provider = ldap >>>> >>>> ldap_id_use_start_tls = True >>>> >>>> auth_provider = ldap >>>> chpass_provider = ldap >>>> access_provider = ldap >>>> >>>> ldap_access_filter = gidNumber=100 >>>> >>>> ldap_user_ssh_public_key = sshPublicKey >>>> ldap_default_bind_dn=cn=sssd,ou=services,dc=myhost,dc=net >>>> >>>> ldap_tls_reqcert = never >>>> ldap_tls_cacert = /etc/openldap/ssl/ldapscert.crt >>>> ldap_uri = ldap://127.0.0.1 >>>> ldap_search_base = dc=homelinux,dc=net >>>> ldap_user_search_base = ou=People,dc=myhost,dc=net >>>> ldap_group_search_base = ou=Group,dc=myhost,dc=net >>>> >>>> enumerate = true >>>> >>>> cache_credentials = true >>> >>> This configuration looks good and is working for me with sss_obfuscate. >>> Which platform/distribution do you use? Maybe there are issues with the >>> path to the config file? You can use the -f option to explicitly tell >>> sss_obfuscate which config file to read. >>> >>> HTH >>> >>> bye, >>> Sumit >> >> I'm using Gentoo. No luck so far. I even copied the sssd.conf to my home >> directory, gave 666 permissions and did sss_obfuscate -f /root/sssd.conf > sssd.conf have to have permissions 0600, otherwise sssd will not start. > >> >> Again I get >> >> File "/usr/sbin/sss_obfuscate", line 81 print "Cannot read >> internal configuration files" >> >> SyntaxError: invalid syntax > /usr/sbin/sss_obfuscate is python script. > You can try debug this script if you have sucxh python skills :-) > https://docs.python.org/2/library/pdb.html > >> I guess the issue is more basic, and broader than just permission to >> sssd.conf >> >> the line "Cannot read internal configuration files" sounds too enigmatic >> to me. What configuration files are meant to be read? > Dou you run sss_obfuscate as root?
yes, however I ssh as a normal user and then su into root. Might I be experiencing this because $PATH is actually not as it supposed to be? _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
