I configured everything with SSSD as you suggested. I'm able to do successful logins authenticating against the LDAP server, but when I check the Users and Groups list on the client machine, that newly created user isn't added. Thoughts?
are you using SSSD on client side or PADL/NSS?
On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
I do specify the POSIX properties on the LDAP side. But when I login with that created user on the client side and check the Users and Groups list on the client machine, it is not listed there. I did avoid the warning message by adding the LDAP user
to a group that already exists. I want the user I create in LDAP to become listed in the Users and Groups list on the client (for ACL purposes, if you know anything regarding meeting DIACAP guidelines). Did I miss something?
While creating users you also need to specify POSIX properties for the user.
In admin console you need to fill out posix properties details while creating the user. Also make sure you create posix groups and associate these new users with the group ID otherwise while login time you may get some warning message like "id: Group
does not exist".
On Mon, Jan 7, 2013 at 7:27 AM, Chaudhari, Rohit K. <Rohit.Chaudhari@jhuapl.edu>
So I got the RHEL client working, but I have an outstanding issue. When I look at the users/groups setting on the client machine, the newly created user that I made on the RHEL LDAP server does not show up on the list. Is this how it is supposed to work?
If not, how do I get a LDAP user to become a part of the users and groups list on the RHEL client?
Thursday, December 20, 2012 6:21 PM
Yes do need to replace it with SSSD. If you are having a fresh Centos install, by default it is sssd only.
Best way would be to use the authconfig tool as it changes all related files and you don't have to manually change all of them. Moreover, you also need change the nss.conf file and make sure groups/users do have sssd instead of ldap.
From RHEL 6.4 sssd will be fully supported and it gives better performance if you intend to integrate many applications with LDAP as it does not open multiple connections with the directory server.
I will look that guide again and will try to improve it.
On Thursday, December 20, 2012, Chaudhari, Rohit K. wrote:
Okay I will try checking those parameters. I am doing sssd, I used ldap pan before in CentOS 6 and that had worked for me, but I will try using sssd. What confused me in your guide was when it said to set up /etc/pam.d/system-auth, replacing all instances
of pam_sss.so with pam_ldap.so. If I want to use sssd I need to leave this alone. I'll give you an update tomorrow to see how it is going. Thanks again for your insight.