[CentOS] ldap host attribute is ignored
Ulrich Hiller
hiller at mpia-hd.mpg.de
Tue May 5 19:12:54 UTC 2015
Hi,
added, but no success.
My sssd.conf now looks like this:
[sssd]
config_file_version = 2
services = nss,pam
domains = default
# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/<NAME>] sections, and
# then add the list of domains (in the order you want them to be
# queried) to the "domains" attribute below and uncomment it.
[nss]
filter_groups = root
filter_users = root
[pam]
# Section created by YaST
[domain/default]
ldap_uri = ldap://ldap.mpia-hd.mpg.de
ldap_search_base = o=mpia
ldap_schema = rfc2307bis
id_provider = ldap
ldap_user_uuid = entryuuid
ldap_group_uuid = entryuuid
ldap_id_use_start_tls = True
enumerate = False
cache_credentials = False
ldap_tls_cacertdir = /etc/ssl/certs
chpass_provider = ldap
auth_provider = ldap
ldap_tls_reqcert = never
ldap_user_search_base = ou=people,o=mpia
ldap_group_search_base = ou=group,o=mpia
access_provider = ldap
#ldap_access_filter = memberOf=ou=people,o=mpia
ldap_access_order = host
ldap_user_authorized_host = host
and my nsswitch.conf:
passwd: files ldap
shadow: files ldap
group: files ldap
#initgroups: files
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss ldap
publickey: nisplus
automount: files sss ldap
aliases: files nisplus
I get a "user unknown". With
passwd: files sss ldap
shadow: files sss ldap
group: files sss ldap
in nsswitch.conf all LDAP users can log in, independently of the host
attribute.
With kind regards, ulrich
On 05/05/2015 08:58 PM, Ashish Yadav wrote:
> Hi,
>
>> I am confused about what to do now.
>> Do I have to configure anything else in /etc/pam.d apart from system-auth?
>>
>
> IMO, you have to configure sssd.conf properly.
>
> Please add "ldap_user_authorized_host = host" in your sssd.conf which you
> have not configured.
> After that please check again.
>
> For more information, please refer to the link below.
>
> <https://lists.fedorahosted.org/pipermail/sssd-users/2015-May/003001.html>
>
> --Regards
> Ashishkumar S. Yadav
>
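
Added example (not part of the original messages, and not SSSD's own code): a Python model of how the host rule configured above (access_provider = ldap, ldap_access_order = host, ldap_user_authorized_host = host) decides access, following the order documented in sssd-ldap(5): explicit deny (!host) first, then explicit allow (host), then allow-all (*). The user entries, the host names and the case-insensitive comparison against the local host name are assumptions made for the illustration.

```python
import configparser

# Access-related keys of the sssd.conf quoted in the post above.
SSSD_CONF = """
[domain/default]
id_provider = ldap
access_provider = ldap
ldap_access_order = host
ldap_user_authorized_host = host
"""

def host_rule_active(conf_text, domain="default"):
    """Return the LDAP attribute used for host checks, or None if the rule is off."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    sec = cp["domain/" + domain]
    # Documented defaults: ldap_access_order = filter, attribute name = host.
    order = [r.strip() for r in sec.get("ldap_access_order", "filter").split(",")]
    if sec.get("access_provider") != "ldap" or "host" not in order:
        return None
    return sec.get("ldap_user_authorized_host", "host")

def host_access_allowed(entry, attr, hostname):
    """Model of the documented order: !host denies, host allows, * allows all."""
    wanted = hostname.lower()   # assumption: case-insensitive comparison
    allowed = False
    for value in entry.get(attr, []):
        v = value.strip().lower()
        if v == "!" + wanted:
            return False        # explicit deny wins over everything else
        if v == wanted or v == "*":
            allowed = True      # keep scanning: a later !host still denies
    return allowed              # missing attribute or no match: denied

# Constructed sample entries (attribute name -> values), not from the post.
USERS = {
    "alice": {"host": ["ws01.example.org"]},
    "bob": {"host": ["*", "!ws01.example.org"]},
    "carol": {"host": ["ws02.example.org"]},
    "dave": {},
}

def evaluate(hostname):
    attr = host_rule_active(SSSD_CONF)
    return {u: host_access_allowed(e, attr, hostname) for u, e in USERS.items()}

if __name__ == "__main__":
    for user, ok in evaluate("ws01.example.org").items():
        print(f"{user}: {'allow' if ok else 'deny'}")
```

In this model an entry without the host attribute is denied, and a "*" value does not override an explicit "!host" for the machine being logged in to.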