LinuxQuestions.org


dciwill 08-30-2017 01:18 PM

sssd / Active Directory Base DN
 
I am new to using LDAP on Linux and have followed a guide to set up sssd to connect to LDAP for our PAM/ssh logins.

When logging a user in, we see the following 15 lines taking about 15 seconds to complete before it gets to bash:

iMac:~ dciwill$ ssh redacted@xxx.xxx.xxx.xxx
redacted@xxx.xxx.xxx.xxx's password:
Last login: Wed Aug 30 11:34:52 2017 from xxx.xxx.xxx.xxx
groups: cannot find name for group ID 16777222
groups: cannot find name for group ID 16777223
groups: cannot find name for group ID 16777224
groups: cannot find name for group ID 16777225
groups: cannot find name for group ID 16777226

groups: cannot find name for group ID 16777222
groups: cannot find name for group ID 16777223
groups: cannot find name for group ID 16777224
groups: cannot find name for group ID 16777225
groups: cannot find name for group ID 16777226
groups: cannot find name for group ID 16777222
groups: cannot find name for group ID 16777223
groups: cannot find name for group ID 16777224
groups: cannot find name for group ID 16777225
groups: cannot find name for group ID 16777226

Here is the sssd config:
[sssd]
config_file_version = 2
services = nss, pam
domains = amr-Users

[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd

[pam]

[domain/amr-Users]
ldap_tls_reqcert = never
auth_provider = ldap
ldap_schema = rfc2307bis
krb5_realm = REDACTED.LOCAL
ldap_search_base = CN=AMR Users,DC=redacted,DC=local
ldap_group_member = uniquemember
id_provider = ldap
ldap_id_use_start_tls = False
ldap_default_bind_dn = CN=Dynamics,OU=Managed Service Accounts,OU=AMR Users,DC=redacted,DC=local
ldap_default_authtok_type = password
ldap_default_authtok = C0ncepts!
chpass_provider = ldap
ldap_uri = ldap://amr-dc1.redacted.local/,ldap://amr-dc3.redacted.local/
ldap_chpass_bri = ldap://amr-dc1.redacted.local/
krb5_server = amr-dc1.redacted.local
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/cacerts
entry_cache_timeout = 600
ldap_network_timeout = 3
ldap_access_filter = (&(object)(object))
debug_level=6


Here is the sssd domain/realm log file:
https://pastebin.com/SPgcvFyJ
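
An added example, not part of the original post: a small audit of an sssd.conf domain section for the LDAP transport and credential settings that appear in the config above (`ldap_tls_reqcert`, `ldap_id_use_start_tls`, `ldap://` URIs, a cleartext `ldap_default_authtok`). The sample config is constructed with placeholder hosts and secret, the function name is hypothetical, and an unset `ldap_id_use_start_tls` is assumed to mean off.

```python
import configparser

# Constructed sample modelled on the posted [domain/...] section;
# host names and the bind secret are placeholders.
SAMPLE = """\
[sssd]
domains = example

[domain/example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://dc1.example.test/,ldaps://dc2.example.test/
ldap_tls_reqcert = never
ldap_id_use_start_tls = False
ldap_default_authtok_type = password
ldap_default_authtok = PLACEHOLDER-SECRET
"""

def audit_sssd_ldap(text):
    """Return (section, option, finding) tuples for weak LDAP transport settings."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        sec = cp[name]
        # "never" and "allow" let the session continue with an unverified server cert.
        reqcert = sec.get("ldap_tls_reqcert", "").strip().lower()
        if reqcert in ("never", "allow"):
            findings.append((name, "ldap_tls_reqcert",
                             f"'{reqcert}' does not reject a bad server certificate"))
        # Assumption: an unset ldap_id_use_start_tls is treated as off.
        starttls = sec.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        for uri in (u.strip() for u in sec.get("ldap_uri", "").split(",")):
            if uri.lower().startswith("ldap://") and not starttls:
                findings.append((name, "ldap_uri",
                                 f"{uri} carries identity lookups without TLS"))
        # A cleartext bind secret is readable by anyone who can read sssd.conf.
        if "ldap_default_authtok" in sec and \
                sec.get("ldap_default_authtok_type", "password").strip().lower() == "password":
            findings.append((name, "ldap_default_authtok",
                             "bind secret stored in clear; keep sssd.conf root-owned, mode 0600"))
    return findings

if __name__ == "__main__":
    for section, option, finding in audit_sssd_ldap(SAMPLE):
        print(f"[{section}] {option}: {finding}")
```

The findings never echo the secret itself, so the output can be pasted into a ticket or forum thread.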

