Hello all!
I am working on a RHEL 6 client authenticating against a 389 (Fedora Directory Server) LDAP server. I can configure the system to use LDAP and KRB5 to authenticate properly, but this lacks reliable credential caching, which is a big problem for my laptop users.
I have installed and configured SSSD. At this point, I am able to log in. However, no group information has been passed down from the server. For example, once logged in as Snoopy:
$ getent passwd snoopy
snoopy:*:79591:79591:Snoopy Dog:/ascldap/users/snoopy:/bin/bash
$ getent group snoopy
<returns nothing>
$ id
uid=79591(lfnuffe) gid=79591 groups=79591
In /var/log/sssd/sssd_<DOMAIN>.log I can see the following messages:
[sssd[be[KRBDOMAIN]]] [sdap_initgr_rfc2307bis_process] (0x1000): Found 62 parent groups for user [snoopy]
eventually followed by:
[sssd[be[KRBDOMAIN]]] [sysdb_get_direct_parents] (0x1000): snoopy is a member of 62 sysdb groups
Sanitized logs and sssd.conf attached.
Thanks in advance!
lfn