On (30/01/16 16:01), Marcelo Coelho wrote:
>Hi all,
>
>I've been struggling to set up a centralized authentication system for quite
>some time. It is composed of:
> - openldap 2.4.43, with TLS self-signed certs (root chain is ok):
>ldaps://serv;
> - pam 1.2.1; pambase 20150213;
> - sssd 1.13.1;
> - openssh 7.1.
>
>Currently I'm trying to authenticate an LDAP user in the server that hosts
>openldap.
>ldapsearch -x shows me stuff correctly, with TLS working. If I try to
>connect through the command-line, the logs show sssd getting stuff from
>openldap with success. But, login fails:
><log>
>login[xxxx]: pam_sss(login:auth): authentication success; logname=LOGIN
>uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=user_a
>login[xxxx]: FAILED LOGIN (1) on '/dev/tty1' FOR 'UNKNOWN', Authentication
>failure
></log>
>
>Also, id user_a fails, getent passwd user_a fails. Have no idea what may be
>wrong (if sssd, ldap DB, whatever).
Are you sure that getent passwd user_a failed?
Because there is "pam_sss(login:auth): authentication success"
and it could not pass without this.
If it really does not work, then I would recommend following
https://fedorahosted.org/sssd/wiki/Troubleshooting
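
Added example, not part of the thread: pam_sss only performs authentication, while `getent passwd` and `id` resolve users through the sources listed in nsswitch.conf, so one check for the lookup side of this symptom is whether the `passwd` and `group` lines list `sss`. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): does NSS ask SSSD for users and groups?
# pam_sss handles authentication only; getent and id go through nsswitch.conf.

# nss_sources FILE DB: print the sources configured for database DB
nss_sources() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' "$1" |
    awk -v db="$2" '{
        i = index($0, ":")
        if (i && substr($0, 1, i - 1) == db) { print substr($0, i + 1); exit }
    }'
}

# nss_has_sss FILE DB: succeed if "sss" is one of the sources for DB
nss_has_sss() {
    case " $(nss_sources "$1" "$2" | tr '\t' ' ') " in
        *" sss "*) return 0 ;;
    esac
    return 1
}

# report FILE: print one line per database, fail if passwd or group lacks sss
report() {
    rc=0
    for db in passwd group; do
        if nss_has_sss "$1" "$db"; then
            echo "$db: sss is listed"
        else
            echo "$db: sss is NOT listed; lookups never reach sssd"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: PAM may use pam_sss while passwd lookups skip sssd
sample=$(mktemp)
printf '%s\n' '# constructed nsswitch.conf' 'passwd: files' \
    'group:  files sss  # trailing comment' > "$sample"
report "$sample" || echo "fix nsswitch.conf, then re-run: getent passwd user_a"
rm -f "$sample"
```

On a real host, call `report /etc/nsswitch.conf` and follow it with `getent passwd user_a`.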