[CentOS] sssd.conf file missing

Thu Jun 23 13:39:53 UTC 2016
l at avc.su <l at avc.su>

Almost :)

In [sssd]:
not 'domains = company/company.org' but 'domains = company.org'

and the section with all your LDAP configs should be called [domain/company.org]

'man sssd.conf' has the basic conf example.
Looking at my own conf, I'm seeing a 'services' line under the [sssd] section. I thought it had default values, but apparently it doesn't. Let's alter your conf so it'll look like this:

[domain/company.org]
all-your-ldap-confs

[sssd]
debug_level = 4
config_file_version = 2
domains = company.org
services  = nss,pam

[nss]
debug_level = 1

[pam]
debug_level = 1

Also you can debug interactively:
sudo sssd -c /etc/sssd/sssd.conf -d2 -i
It will throw all its logs to your console.

By the way, I've noted this line in your initial email:
authconfig --enablesssdauth --enablemkhomedir --enablesssd -update 
As far as I remember, '-update ' should have two dashes, '--update'.
If you don't see 'sss' in some lines in /etc/nsswitch.conf, you should re-run authconfig. But that's part of another problem, I think.



23.06.2016, 16:18, "Kaplan, Andrew H." <ahkaplan at partners.org>:
> Hello --
>
> I made the suggested changes to the sssd.conf file, and the results are the same.
>
> Just to make sure my syntax is correct:
>
> The following section was added to the end of the file:
>
> [sssd]
> debug_level = 4
> config_file_version = 2
> domains = company/company.org
>
> -----Original Message-----
> From: l at avc.su [mailto:l at avc.su]
> Sent: Thursday, June 23, 2016 9:08 AM
> To: Kaplan, Andrew H.; CentOS mailing list
> Subject: Re: [CentOS] sssd.conf file missing
>
> OK, let's dig further.
>
> Does your sssd.conf have [sssd] section?
> Something like
>
> [sssd]
> debug_level = 4
> config_file_version = 2
> domains = your-domain-name-here
>
> If it's not there, add it and modify the [your-domain-name-here] section so it'll look like this:
> [domain/your-domain-name-here]
>
> 23.06.2016, 15:51, "Kaplan, Andrew H." <ahkaplan at partners.org>:
>>  Hello –
>>
>>  Thank-you for your e-mail. I corrected the syntax in the file, and I have confirmed the permissions are correct:
>>
>>  -rw-------. 1 root root 266 Jun 23 08:45 sssd.conf
>>
>>  Unfortunately, the error condition and messages listed in my initial e-mail are still present.
>>
>>  From: l at avc.su [mailto:l at avc.su]
>>  Sent: Thursday, June 23, 2016 8:34 AM
>>  To: CentOS mailing list; Kaplan, Andrew H.
>>  Subject: Re: [CentOS] sssd.conf file missing
>>
>>  Hello Andrew.
>>
>>  The sssd.conf should be owned by root:root, mode 0600.
>>
>>  Also please note this line in your config:
>>
>>  [<domain>.org]
>>  enumate = true
>>
>>  it's enumerate, not enumate.
>>
>>  23.06.2016, 15:24, "Kaplan, Andrew H." <ahkaplan at partners.org>:
>>
>>>  Hello --
>>>
>>>  We are running CentOS 7.2 on a virtual machine, and we are trying to set up LDAP authentication. The ldap packages that are currently installed on the system are the following:
>>>
>>>  python-sss 1.13.0-40.el7_2.4
>>>  python-sssdconfig 1.13.0-40.el7_2.4
>>>  sssd 1.13.0-40.el7_2.4
>>>  sssd-ad 1.13.0-40.el7_2.4
>>>  sssd-client 1.13.0-40.el7_2.4
>>>  sssd-common 1.13.0-40.el7_2.4
>>>  sssd-common-pac 1.13.0-40.el7_2.4
>>>  sssd-dbus 1.13.0-40.el7_2.4
>>>  sssd-ipa 1.13.0-40.el7_2.4
>>>  sssd-krb5 1.13.0-40.el7_2.4
>>>  sssd-krb5-common 1.13.0-40.el7_2.4
>>>  sssd-ldap 1.13.0-40.el7_2.4
>>>  sssd-libwbclient 1.13.0-40.el7_2.4
>>>  sssd-libwbclient-devel 1.13.0-40.el7_2.4
>>>  sssd-proxy 1.13.0-40.el7_2.4
>>>  sssd-tools 1.13.0-40.el7_2.4
>>>
>>>  I ran the following commands to set up LDAP/AD authentication:
>>>
>>>  # ln -s /bin/bash /bin/PHSshell
>>>  # ln -s /home /PHShome
>>>  # authconfig --enablesssdauth --enablemkhomedir --enablesssd -update
>>>  # chkconfig sssd on
>>>  # service sssd restart
>>>
>>>  Initially, I ran into problems because I had not created an sssd.conf file. Eventually I did create one, and its contents are the following:
>>>
>>>  [<domain>.org]
>>>  enumate = true
>>>  cache_credentials = TRUE
>>>
>>>  id_provider = ldap
>>>  auth_provider = ldap
>>>  chpass_provider = ldap
>>>
>>>  ldap_uri = ldap://ldap.<domain>.org
>>>  ldap_search_base = dc=<domain>,dc=org
>>>  tls_reqcert = demand
>>>  ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt
>>>
>>>  If there are any additions or corrections that I need to make, please let me know.
>>>
>>>  I reran the service sssd restart command, and the error message that I am seeing via journalctl -xe is the following:
>>>
>>>  Unit sssd.service has begun starting up.
>>>  Jun 22 16:05:34 roadtest2.partners.org sssd[6384]: SSSD couldn't load the configuration database [5]: Input/output error.
>>>  Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service: control process exited, code=exited status=4
>>>  Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Failed to start System Security Services Daemon.
>>>  -- Subject: Unit sssd.service has failed
>>>  -- Defined-By: systemd
>>>  -- Support:
>>>  http://lists.freedesktop.org/mailman.../systemd-devel<http://lists.freedesktop.org/mailman/listinfo/systemd-devel>
>>>
>>>  --
>>>  -- Unit sssd.service has failed.
>>>  --
>>>  -- The result is failed.
>>>  Jun 22 16:05:34 roadtest2.partners.org systemd[1]: Unit sssd.service entered failed state.
>>>  Jun 22 16:05:34 roadtest2.partners.org systemd[1]: sssd.service failed.
>>>  Jun 22 16:05:34 roadtest2.partners.org polkitd[787]: Unregistered Authentication Agent for unix-process:6369:52587318 (system bus name :1.2287, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
>>>
>>>  Any ideas?
>>>
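
The layout points raised in this thread (an [sssd] section listing bare domain names plus a services line, a matching [domain/NAME] section, root:root ownership with mode 0600), collected into a small checker. This is an added example, not part of the original messages and not SSSD's own tooling; `check_sssd_conf` is a hypothetical helper and both sample configs are constructed from the thread's placeholder domain.

```python
import configparser
import stat

def check_sssd_conf(text, st=None):
    """Return a list of problems; st is an optional os.stat_result for the file."""
    problems = []
    if st is not None:
        if (st.st_uid, st.st_gid) != (0, 0):
            problems.append("owner must be root:root")
        if stat.S_IMODE(st.st_mode) != 0o600:
            problems.append("mode must be 0600")
    cp = configparser.RawConfigParser(delimiters=("=",))
    try:
        cp.read_string(text)  # a line without '=' raises ParsingError
    except configparser.Error as exc:
        return problems + ["syntax: " + str(exc).splitlines()[0]]
    if not cp.has_section("sssd"):
        return problems + ["missing [sssd] section"]
    # Keys the reply in this thread puts in [sssd] (assumption: all required).
    for key in ("config_file_version", "domains", "services"):
        if not cp.has_option("sssd", key):
            problems.append("[sssd] has no '%s' line" % key)
    names = [n.strip() for n in cp.get("sssd", "domains", fallback="").split(",")]
    for name in filter(None, names):
        if "/" in name:
            problems.append("domains entry '%s' must be a bare name" % name)
        elif not cp.has_section("domain/" + name):
            hint = " (found [%s]; rename it)" % name if cp.has_section(name) else ""
            problems.append("no [domain/%s] section%s" % (name, hint))
    return problems

# Constructed samples: the second attempt from the thread and the suggested fix.
BROKEN = """\
[company.org]
id_provider = ldap
[sssd]
config_file_version = 2
domains = company/company.org
"""
FIXED = """\
[domain/company.org]
id_provider = ldap
[sssd]
config_file_version = 2
domains = company.org
services = nss,pam
"""

if __name__ == "__main__":
    print(check_sssd_conf(BROKEN), check_sssd_conf(FIXED))
```

To check a real file, pass its contents together with `os.stat(path)` so the ownership and mode checks run as well.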