Hi Mitja,
it looks like you are trying to integrate SSSD with FreeIPA. I think the following presentation will help you review the SSSD configuration even if you are trying to use 389DS independently: http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
Check the page titled "Example configuration - SSSD with FreeIPA server". SSSD has to be configured to talk to the LDAP server. Check also the settings in /etc/nsswitch.conf. You might need to modify it to enable SSSD integration with other services.
This example comes from a host that is using SSSD for SSH authentication and sudo integration with a FreeIPA server:

    passwd: files sss
    shadow: files sss
    group: files sss
    sudoers: files sss

Dimitar
On Fri, Jan 3, 2014 at 10:17 AM, Mitja Mihelič <mitja.mihelic@arnes.si> wrote:
Hi!
How to get usermod working with SSSD/389DS?
We have SSSD set up on our server and it uses 389DS. SSSD was enabled with the following command:

    authconfig --enablesssd --enablesssdauth --ldapbasedn=dc=example,dc=com --enableshadow --enablemkhomedir --enablelocauthorize --update

Running for example "usermod -L username" returns:

    usermod: user 'username' does not exist in /etc/passwd

Each time usermod is executed there is a query logged in 389DS, so SSSD does pass the request to 389DS. Strace (attached) of usermod shows that it gets at least gecos back from SSSD and that it checked the /var/lib/sss/mc/passwd file which contains:

    username Name Lastname /home/username /bin/bash

Soon after that it starts to open /etc/shadow and /etc/passwd.
What are we missing? Any insight would be appreciated.
Regards, Mitja
--
Mitja Mihelič ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia tel: +386 1 479 8877, fax: +386 1 479 88 78
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
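
Added example, not part of the original messages: a shell check for the /etc/nsswitch.conf review suggested in the reply above. It reports which of the four databases from the sample configuration do not list the sss source. The function name nss_missing_sss and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# nss_missing_sss FILE [DB...]
# Prints, space-separated, the NSS databases in FILE that do not list
# "sss" as a source (or have no entry at all). With no DB arguments it
# checks the four databases shown in the reply above.
nss_missing_sss() {
    file=$1; shift
    [ $# -gt 0 ] || set -- passwd shadow group sudoers
    missing=""
    for db in "$@"; do
        # Strip comments, tolerate "db:source" without a space, then look
        # at the first entry for this database and match "sss" as a whole
        # token so that other source names are not mistaken for it.
        if ! awk -v db="$db" '
            { sub(/#.*/, ""); sub(/:/, ": ") }
            $1 == db ":" {
                for (i = 2; i <= NF; i++) if ($i == "sss") found = 1
                exit
            }
            END { exit found ? 0 : 1 }
        ' "$file"; then
            missing="$missing${missing:+ }$db"
        fi
    done
    printf '%s\n' "$missing"
}

# Constructed sample (not taken from a real host): sudoers lacks sss.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd:     files sss
shadow:     files sss
group:      files sss
sudoers:    files
EOF
nss_missing_sss "$sample"
rm -f "$sample"
```

On a real host, run it as: nss_missing_sss /etc/nsswitch.conf. An empty line of output means all four databases list sss.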