08-30-2017, 01:18 PM   #1
dciwill
sssd / Active Directory Base DN


I am new to using LDAP on Linux and have followed a guide to set up sssd to connect to LDAP for our PAM/ssh logins.

When logging a user in we see the following 15 lines, taking about 15 seconds to complete before it gets to bash:

iMac:~ dciwill$ ssh redacted@xxx.xxx.xxx.xxx
redacted@xxx.xxx.xxx.xxx's password:
Last login: Wed Aug 30 11:34:52 2017 from xxx.xxx.xxx.xxx
groups: cannot find name for group ID 16777222
groups: cannot find name for group ID 16777223
groups: cannot find name for group ID 16777224
groups: cannot find name for group ID 16777225
groups: cannot find name for group ID 16777226

groups: cannot find name for group ID 16777222
groups: cannot find name for group ID 16777223
groups: cannot find name for group ID 16777224
groups: cannot find name for group ID 16777225
groups: cannot find name for group ID 16777226
groups: cannot find name for group ID 16777222
groups: cannot find name for group ID 16777223
groups: cannot find name for group ID 16777224
groups: cannot find name for group ID 16777225
groups: cannot find name for group ID 16777226

Here is the sssd config:
[sssd]
config_file_version = 2
services = nss, pam
domains = amr-Users

[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd

[pam]

[domain/amr-Users]
ldap_tls_reqcert = never
auth_provider = ldap
ldap_schema = rfc2307bis
krb5_realm = REDACTED.LOCAL
ldap_search_base = CN=AMR Users,DC=redacted,DC=local
ldap_group_member = uniquemember
id_provider = ldap
ldap_id_use_start_tls = False
ldap_default_bind_dn = CN=Dynamics,OU=Managed Service Accounts,OU=AMR Users,DC=redacted,DC=local
ldap_default_authtok_type = password
ldap_default_authtok = C0ncepts!
chpass_provider = ldap
ldap_uri = ldap://amr-dc1.redacted.local/,ldap://amr-dc3.redacted.local/
ldap_chpass_bri = ldap://amr-dc1.redacted.local/
krb5_server = amr-dc1.redacted.local
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/cacerts
entry_cache_timeout = 600
ldap_network_timeout = 3
ldap_access_filter = (&(object)(object))
debug_level=6


Here is the sssd domain/realm log file:
https://pastebin.com/SPgcvFyJ
Tags
ldap, nssldap, pam, pamkrb5, sssd
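
Added example, not part of the original post: a small Python audit of the transport and credential options that appear in the posted [domain/...] section (ldap_uri, ldap_id_use_start_tls, ldap_tls_reqcert, ldap_default_authtok). The sample config is constructed, with placeholder hostnames and password, and audit_sssd is a hypothetical helper name.

```python
import configparser

# Constructed sample modelled on the posted [domain/...] section; hostnames and
# the bind password are placeholders, not values from the thread.
SAMPLE = """\
[sssd]
domains = example

[domain/example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://dc1.example.test/,ldaps://dc2.example.test/
ldap_id_use_start_tls = False
ldap_tls_reqcert = never
ldap_default_bind_dn = CN=svc,OU=Service Accounts,DC=example,DC=test
ldap_default_authtok_type = password
ldap_default_authtok = PLACEHOLDER-PASSWORD
"""

def audit_sssd(text):
    """Return (section, option, finding) tuples for weak LDAP transport settings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        dom = cp[name]
        uris = [u.strip() for u in dom.get("ldap_uri", "").split(",") if u.strip()]
        # Assumption: an unset ldap_id_use_start_tls is treated as disabled.
        start_tls = dom.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        # ldap:// without StartTLS carries the bind DN and password unencrypted.
        clear = [u for u in uris if u.lower().startswith("ldap://")]
        if clear and not start_tls:
            findings.append((name, "ldap_uri", "cleartext LDAP: " + ", ".join(clear)))
        # 'never' and 'allow' both let a session proceed with an unverified certificate.
        reqcert = dom.get("ldap_tls_reqcert", "hard").strip().lower()
        if reqcert in ("never", "allow"):
            findings.append((name, "ldap_tls_reqcert", f"server certificate not enforced ({reqcert})"))
        # A password-type authtok is stored readable in sssd.conf.
        if dom.get("ldap_default_authtok") and \
           dom.get("ldap_default_authtok_type", "password").strip().lower() == "password":
            findings.append((name, "ldap_default_authtok", "bind password stored in clear text"))
    return findings

if __name__ == "__main__":
    for section, option, finding in audit_sssd(SAMPLE):
        print(f"[{section}] {option}: {finding}")
```

To check a real file, pass its contents to audit_sssd, for example the text of /etc/sssd/sssd.conf read as root.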