On 06/23/2016 05:23 AM, Kaplan, Andrew H. wrote:
We are running CentOS 7.2 on a virtual machine, and we are trying to set up LDAP authentication.
In an AD environment, it's important to point out that you typically can't do "ldap authentication". You can, but you'll need a service account to do it, and none of the work you've described so far indicates that you've set one up.
Instead of thinking about AD as LDAP, consider it a set of services that should be used together. Technically, you'll use LDAP for identity and Kerberos for authentication, but you should think of AD as providing both identity and authentication.
The easy way to use AD is to use the realm tool to set up integration: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm...
The details of setting up AD manually are described in excruciating detail here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/pdf...
If you use realmd, you should not need to edit sssd.conf at all. If you decide to do things manually, I'd still recommend providing the complete configuration description to "authconfig" and allowing it to write sssd.conf for you.