
Problem in user authentication with LDAP + SSSD



Hi,
I'm having an authentication problem with my CentOS 6.3 server, which has LDAP (openldap-2.4.23-26) and SSSD (sssd-1.8.0-32) installed.
The LDAP server is working fine, but the integration between LDAP and SSSD has a problem: it cannot authenticate the user on the server.

Can anyone help me identify the problem?
I've reviewed all the configuration and found nothing wrong.

::::: slapd.conf :::::

# Schema files loaded at startup. nis.schema defines posixAccount and the
# shadow* attributes used for Unix accounts.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema

# Accept LDAPv2 bind requests (legacy protocol version).
# NOTE(review): remove unless a v2-only client still depends on it - confirm.
allow bind_v2
pidfile /var/run/openldap/slapd.pid

# CA certificate, server certificate and private key used for TLS.
# Nothing in this listing requires clients to use TLS, so as far as the file
# shows, unencrypted connections are accepted as well.
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateFile /etc/openldap/servercrt.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem

# Global ACL for every entry and attribute; "by" clauses are tried in order
# and the first match decides:
#   self      -> write on the user's own entry
#   users     -> auth only (other authenticated identities cannot read or search)
#   anonymous -> read on everything, userPassword included
# NOTE(review): anonymous read on userPassword exposes password hashes to any
# unauthenticated client. The usual arrangement is a separate rule placed
# before this one, e.g. "access to attrs=userPassword by self write
# by anonymous auth by * none", with read access granted only where needed.
access to *
       by self write
       by users auth
       by anonymous read


# Berkeley DB backend serving the dc=domain,dc=com,dc=br subtree.
database bdb
suffix "dc=domain,dc=com,dc=br"
# Checkpoint the transaction log after 1024 KB written or 15 minutes.
checkpoint      1024 15
# The rootdn is not subject to the ACL above. The sssd.conf on this page binds
# with this same DN.
rootdn "cn=Manager,dc=domain,dc=com,dc=br"
# Redacted by the poster. rootpw accepts a hashed value (as produced by
# slappasswd) instead of a cleartext password.
rootpw          xxxxxxxxxx
directory       /database/ldap

# Attribute indexes (eq = equality, pres = presence, sub = substring).
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# Enables the cn=Monitor backend.
database monitor

# 768 = 256 (stats) + 512 (stats2): logs connections, operations and results,
# which is what produces the SRCH / SEARCH RESULT lines quoted in the log.
loglevel        768



::::: sssd.conf :::::
# SSSD monitor section: starts the NSS and PAM responders and the single
# domain named "default".
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default

# NSS responder: root is excluded from sss lookups for users and groups.
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

# PAM responder with verbose debugging enabled.
[pam]
reconnection_retries = 3
debug_level = 8

# The "default" domain: identity, authentication and password change all go
# to the LDAP server at ldap_uri.
[domain/default]
# NOTE(review): "never" disables verification of the LDAP server certificate,
# so a TLS session gives no assurance about which server is answering.
# "demand" together with a CA in ldap_tls_cacertdir is the verified setting.
ldap_tls_reqcert = never
# NOTE(review): sssd-ldap(5) says LDAP authentication needs TLS/SSL or LDAPS.
# With the ldap:// URI below, that presumably means StartTLS has to succeed
# against the slapd certificate - verify when debugging failed logins.
auth_provider = ldap
# Identity (NSS) lookups are sent without StartTLS.
ldap_id_use_start_tls = False
chpass_provider = ldap
# Kerberos placeholders; presumably unused because every provider in this
# domain is "ldap" - confirm.
krb5_realm = EXAMPLE.COM
# Stores a hash of the user's password in the local SSSD cache so that logins
# can succeed while the directory is unreachable.
cache_credentials = True
debug_timestamps = True
# The bind password below is kept in cleartext form ("password" type).
ldap_default_authtok_type = password
# The slapd log quoted on this page shows the user search on this base ending
# with err=32 (noSuchObject) and nentries=0.
# NOTE(review): check that an entry for this suffix has actually been loaded
# into the slapd database.
ldap_search_base = dc=domain,dc=com,dc=br
# Verbose troubleshooting level. NOTE(review): lower it once the problem is
# resolved.
debug_level = 9
id_provider = ldap
# SSSD binds as the directory rootdn (same DN as rootdn in the slapd.conf on
# this page), which is not restricted by ACLs.
# NOTE(review): a dedicated read-only bind account would limit what a leaked
# sssd.conf exposes.
ldap_default_bind_dn = cn=Manager,dc=domain,dc=com,dc=br
min_id = 100
# Unencrypted LDAP scheme, loopback only.
ldap_uri = ldap://localhost/
krb5_kdcip = kerberos.example.com
# Bind password, redacted by the poster. sssd expects sssd.conf to be owned by
# root with mode 0600.
ldap_default_authtok = xxxxxxxxxx
ldap_tls_cacertdir = /etc/openldap/cacerts


:::: nsswitch.conf :::::

# Sources are consulted left to right. For accounts, local files come first
# and SSSD ("sss") second, so a local entry takes precedence over a directory
# entry with the same name.
passwd:     files sss
shadow:     files sss
group:      files sss
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files 
netgroup:   files sss
publickey:  nisplus
# NOTE(review): automount names the "ldap" source rather than "sss", unlike
# the account maps above - confirm that this is intended.
automount:  files ldap
aliases:    files nisplus

LOG: 

Feb 18 14:50:01 primario slapd[16064]: conn=1119 op=185 SRCH base="dc=domain,dc=com,dc=br" scope=2 deref=0 filter="(&(uid=cristiane)(objectClass=posixAccount))"
Feb 18 14:50:01 primario slapd[16064]: conn=1119 op=185 SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdAttribute authorizedService accountExpires userAccountControl nsAccountLock host loginDisabled loginExpirationTime loginAllowedTimeMap
Feb 18 14:50:01 primario slapd[16064]: conn=1119 op=185 SEARCH RESULT tag=101 err=32 nentries=0 text=



Thanks
Cristiane