On (30/01/16 16:01), Marcelo Coelho wrote:
Hi all,
I've been struggling to set up a centralized authentication system for quite some time. It is composed of:
- openldap 2.4.43, with TLS self-signed certs (root chain is ok): ldaps://serv;
- pam 1.2.1; pambase 20150213;
- sssd 1.13.1;
- openssh 7.1.
Currently I'm trying to authenticate an LDAP user in the server that hosts openldap. ldapsearch -x shows me stuff correctly, with TLS working. If I try to connect through the command-line, the logs show sssd getting stuff from openldap with success. But login fails:
<log>
login[xxxx]: pam_sss(login:auth): authentication success; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=user_a
login[xxxx]: FAILED LOGIN (1) on '/dev/tty1' FOR 'UNKNOWN', Authentication failure
</log>
Also, id user_a fails, getent passwd user_a fails. Have no idea what may be wrong (if sssd, ldap DB, whatever).
Are you sure that getent passwd user_a failed? Because there is "pam_sss(login:auth): authentication success" and it could not pass without this.
If it really does not work then I will recommend to follow https://fedorahosted.org/sssd/wiki/Troubleshooting
LS