Almost :)

In [sssd]:
not 'domains = company/company.org'
but 'domains = company.org'
and the section with all your LDAP configs should be called [domain/company.org]

'man sssd.conf' has the basic conf example.
Looking at my own conf, I'm seeing 'services' line under the [sssd] section. I thought it has default values, but apparently it doesn't.
Let's alter your conf so it'll look like this:

[domain/company.org]
all-your-ldap-confs

[sssd]
debug_level = 4
config_file_version = 2
domains = company.org
services = nss,pam

[nss]
debug_level = 1

[pam]
debug_level = 1

Also you can debug interactively:
sudo sssd -c /etc/sssd/sssd.conf -d2 -i
It will throw all its logs to your console.

By the way, I've noted this line in your initial email:
authconfig --enablesssdauth --enablemkhomedir --enablesssd -update
As far as I remember, '-update' should have two dashes, '--update'.
If you don't see 'sss' in some lines in /etc/nsswitch.conf, you should re-run authconfig. But that's part of other problem, I think.

23.06.2016, 16:18, "Kaplan, Andrew H." <ahkaplan at partners.org>:
> Hello --
>
> I made the suggested changes to the sssd.conf file, and the results are the same.
>
> Just to make sure my syntax is correct:
>
> The following section was added to the end of the file:
>
> [sssd]
> debug_level = 4
> config_file_version = 2
> domains = company/company.org
>
> -----Original Message-----
> From: l at avc.su [mailto:l at avc.su]
> Sent: Thursday, June 23, 2016 9:08 AM
> To: Kaplan, Andrew H.; CentOS mailing list
> Subject: Re: [CentOS] sssd.conf file missing
>
> OK, let's dig further.
>
> Does your sssd.conf have [sssd] section?
> Something like
>
> [sssd]
> debug_level = 4
> config_file_version = 2
> domains = your-domain-name-here
>
> If it's not there, add it and modify the [your-domain-name-here] section so it'll look like this:
> [domain/your-domain-name-here]
>
> 23.06.2016, 15:51, "Kaplan, Andrew H." <ahkaplan at partners.org>:
>> Hello –
>>
>> Thank-you for your e-mail.
>> I corrected the syntax in the file, and I have confirmed the permissions are correct:
>>
>> -rw-------. 1 root root 266 Jun 23 08:45 sssd.conf
>>
>> Unfortunately, the error condition and messages listed in my initial e-mail are still present.
>>
>> From: l at avc.su [mailto:l at avc.su]
>> Sent: Thursday, June 23, 2016 8:34 AM
>> To: CentOS mailing list; Kaplan, Andrew H.
>> Subject: Re: [CentOS] sssd.conf file missing
>>
>> Hello Andrew.
>>
>> The sssd.conf should be owned by root:root, mode 0600.
>>
>> Also please note this line in your config:
>>
>> [<domain>.org]
>> enumate = true
>>
>> it's enumerate, not enumate.
>>
>> 23.06.2016, 15:24, "Kaplan, Andrew H." <ahkaplan at partners.org>:
>>
>>> Hello --
>>>
>>> We are running CentOS 7.2 on a virtual machine, and we are trying to set up LDAP authentication. The ldap packages that are currently installed on the system are the following:
>>>
>>> python-sss 1.13.0-40.el7_2.4
>>> python-sssdconfig 1.13.0-40.el7_2.4
>>> sssd 1.13.0-40.el7_2.4
>>> sssd-ad 1.13.0-40.el7_2.4
>>> sssd-client 1.13.0-40.el7_2.4
>>> sssd-common 1.13.0-40.el7_2.4
>>> sssd-common-pac 1.13.0-40.el7_2.4
>>> sssd-dbus 1.13.0-40.el7_2.4
>>> sssd-ipa 1.13.0-40.el7_2.4
>>> sssd-krb5 1.13.0-40.el7_2.4
>>> sssd-krb5-common 1.13.0-40.el7_2.4
>>> sssd-ldap 1.13.0-40.el7_2.4
>>> sssd-libwbclient 1.13.0-40.el7_2.4
>>> sssd-libwbclient-devel 1.13.0-40.el7_2.4
>>> sssd-proxy 1.13.0-40.el7_2.4
>>> sssd-tools 1.13.0-40.el7_2.4
>>>
>>> I ran the following commands to set up LDAP/AD authentication:
>>>
>>> # ln -s /bin/bash /bin/PHSshell
>>> # ln -s /home /PHShome
>>> # authconfig --enablesssdauth --enablemkhomedir --enablesssd -update
>>> # chkconfig sssd on
>>> # service sssd restart
>>>
>>> Initially, I ran into problems because I had not created an sssd.conf file.
>>> Eventually I did create one, and its contents are the following:
>>>
>>> [<domain>.org]
>>> enumate = true
>>> cache_credentials = TRUE
>>>
>>> id_provider = ldap
>>> auth_provider = ldap
>>> chpass_provider = ldap
>>>
>>> ldap_uri = ldap://ldap.<domain>.org
>>> ldap_search_base = dc=<domain>,dc=org
>>> tls_reqcert = demand
>>> ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt
>>>
>>> If there are any additions or corrections that I need to make, please let me know.
>>>
>>> I reran the service sssd restart command, and the error message that I am seeing via journalctl -xe is the following:
>>>
>>> Unit sssd.service has begun starting up.
>>> Jun 22 16:05:34 roadtest2.partners.org sssd[6384]: SSSD couldn't load the configuration database [5]: Input/output error.
>>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service: control process exited, code=exited status=4
>>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Failed to start System Security Services Daemon.
>>> -- Subject: Unit sssd.service has failed
>>> -- Defined-By: systemd
>>> -- Support: http://lists.freedesktop.org/mailman.../systemd-devel<http://lists.freedesktop.org/mailman/listinfo/systemd-devel>
>>> --
>>> -- Unit sssd.service has failed.
>>> --
>>> -- The result is failed.
>>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Unit sssd.service entered failed state.
>>> Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service failed.
>>> Jun 22 16:05:34 roadtest2.partners.org polkitd[787]: Unregistered Authentication Agent for unix-process:6369:52587318 (system bus name :1.2287, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
>>>
>>> Any ideas?
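
An added example, not part of the original messages and not SSSD's own code: a small Python check for the sssd.conf mistakes worked through in this thread (a setting line without '=', a `domains` entry with no matching `[domain/NAME]` section, a missing `services` line, and the root:root / 0600 file rule). The function names and the example.org sample are assumptions made for illustration.

```python
import os
import stat

# Constructed sample modelled on the thread's config; example.org is a placeholder.
BROKEN = """\
[example.org]
cache_credentials = true
id_provider = ldap
ldap_uri = ldap://ldap.example.org
ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt

[sssd]
config_file_version = 2
domains = example/example.org
"""

def lint_text(text):
    """Check sssd.conf text against the layout suggested in the thread."""
    problems, sections, current = [], {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
        elif "=" not in line:
            problems.append(f"line {n}: no '=' in {line!r}")
        elif current is None:
            problems.append(f"line {n}: option outside any section")
        else:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[current][key] = value
    sssd = sections.get("sssd")
    if sssd is None:
        return problems + ["missing [sssd] section"]
    for key in ("config_file_version", "domains", "services"):
        if key not in sssd:
            problems.append(f"[sssd] has no '{key}' line")
    for dom in filter(None, (d.strip() for d in sssd.get("domains", "").split(","))):
        if f"domain/{dom}" not in sections:
            problems.append(f"domains lists {dom!r}, but no [domain/{dom}] section")
    return problems

def lint_perms(path):
    """The thread's rule: sssd.conf is owned by root:root, mode 0600."""
    st = os.stat(path)
    checks = [((st.st_uid, st.st_gid) == (0, 0), "not owned by root:root"),
              (stat.S_IMODE(st.st_mode) == 0o600, "mode is not 0600")]
    return [msg for ok, msg in checks if not ok]
```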