I began moving from CentOS 5 to CentOS 6, 6.4 to be exact. I ran into a problem early on when trying to configure user authentication with our LDAP server. The problem was that I started configuring it like I did on CentOS 5, using PAM and the /etc/pam_ldap.conf file, when the new installation actually uses a new type of module called SSSD. I then switched to it by configuring my settings in /etc/sssd/sssd.conf and making the appropriate changes to /etc/nsswitch.conf. Namely:
passwd: files sss
shadow: files sss
group: files sss

However, I could not get the users’ secondary groups to work. I tried everything I could think of, but I just wasn’t getting them. It took me a clean install and a comparison of configuration files to notice that my PAM configuration (maybe ‘authconfig-tui’, I’m not sure) had added a line to nsswitch.conf, and the presence of that single line was all that was keeping SSSD from working. That single line is:
initgroups: files [SUCCESS=continue] sss

Make sure you don’t have that line in there and it should work. I have memberUid as the group member attribute, so my working SSSD configuration was this:
[domain/default]
ldap_id_use_start_tls = True
cache_credentials = True
ldap_search_base = dc=mydomain,dc=com
krb5_realm = EXAMPLE.COM
krb5_server = kerberos.example.com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://the.ip/
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_reqcert = never
[sssd]
services = nss, pam
config_file_version = 2
domains = default
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]
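As an added check (not part of the original post), here is a small Python script that parses the two files the post edits, /etc/nsswitch.conf and /etc/sssd/sssd.conf, and flags the stray initgroups line that broke secondary groups, together with ldap_tls_reqcert = never, which turns off verification of the LDAP server's certificate. The sample file contents are constructed from the post's own configuration; the parsers are minimal and assume the flat key = value layout sssd.conf actually uses.

```python
from collections import defaultdict

# Constructed sample input, taken from the post's nsswitch.conf and sssd.conf.
NSSWITCH = """passwd: files sss
shadow: files sss
group: files sss
initgroups: files [SUCCESS=continue] sss
"""
SSSD_CONF = """[domain/default]
id_provider = ldap
ldap_uri = ldap://the.ip/
ldap_id_use_start_tls = True
ldap_tls_reqcert = never
"""

def _strip(line): return line.split("#", 1)[0].strip()  # drop comments and whitespace

def parse_nsswitch(text):
    """Map each nsswitch database name to its list of source tokens."""
    db = {}
    for line in filter(None, map(_strip, text.splitlines())):
        if ":" in line:
            name, sources = line.split(":", 1)
            db[name.strip()] = sources.split()
    return db

def parse_sssd_conf(text):
    """Minimal INI parser, {section: {key: value}}; sssd.conf has no nesting."""
    conf, section = defaultdict(dict), None
    for line in filter(None, map(_strip, text.splitlines())):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][key.strip()] = value.strip()
    return conf

def audit(nsswitch_text, sssd_text):
    """Return a list of findings; an empty list means both files look sane."""
    findings = []
    if "initgroups" in parse_nsswitch(nsswitch_text):  # the line the post identified
        findings.append("nsswitch: remove the 'initgroups:' line; it keeps SSSD from supplying secondary groups")
    for section, opts in parse_sssd_conf(sssd_text).items():
        if not section.startswith("domain/") or opts.get("id_provider") != "ldap":
            continue
        if opts.get("ldap_tls_reqcert", "hard") in ("never", "allow"):  # SSSD's default is hard
            findings.append(f"{section}: ldap_tls_reqcert = {opts['ldap_tls_reqcert']} skips LDAP server certificate checks; use demand")
        if opts.get("ldap_uri", "").startswith("ldap://") and opts.get("ldap_id_use_start_tls", "False").lower() != "true":
            findings.append(f"{section}: plain ldap:// without ldap_id_use_start_tls = True sends credentials unencrypted")
    return findings
```

Run it against the real files by reading them into the two string arguments of audit(); with reqcert set to demand, ldap_tls_cacertdir must then hold a CA certificate that actually signed the server's certificate.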