https://bugzilla.novell.com/show_bug.cgi?id=778949 https://bugzilla.novell.com/show_bug.cgi?id=778949#c3 Joschi Brauchle <joschibrauchle@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|joschibrauchle@gmx.de | --- Comment #3 from Joschi Brauchle <joschibrauchle@gmx.de> 2012-09-06 09:57:50 UTC --- Hello, your patch does solve the problem of the "Use Kerberos" checkbox being disabled after reloading the XML in the Autoinstall module. Unfortunately, using this new XML during an autoinstallation still does not enable Kerberos for SSSD. This is the ldap part of my XML profile: ------ <ldap> <create_ldap config:type="boolean">false</create_ldap> <file_server config:type="boolean">false</file_server> <krb5_kdcip>kerberos.server.com</krb5_kdcip> <krb5_realm>KERBEROS.REALM</krb5_realm> <ldap_domain>ou=users,dc=some</ldap_domain> <ldap_server>ldap.server.com</ldap_server> <ldap_tls config:type="boolean">false</ldap_tls> <login_enabled config:type="boolean">true</login_enabled> <member_attribute>member</member_attribute> <mkhomedir config:type="boolean">false</mkhomedir> <pam_password>exop</pam_password> <nss_base_group>ou=groups,dc=some</nss_base_group> <nss_base_passwd>ou=users,dc=some</nss_base_passwd> <nss_base_shadow>ou=users,dc=some</nss_base_shadow> <sssd config:type="boolean">true</sssd> <sssd_ldap_schema>rfc2307</sssd_ldap_schema> <sssd_with_krb config:type="boolean">true</sssd_with_krb> <!-- New tag --> <start_autofs config:type="boolean">true</start_autofs> <start_ldap config:type="boolean">true</start_ldap> <tls_cacertfile>/etc/ssl/certs/LOCAL-CA.pem</tls_cacertfile> </ldap> ------ And this is the /etc/sssd/sssd.conf after AutoYast installation with above profile: ------ [sssd] config_file_version = 2 services = nss,pam domains = default # SSSD will not start if you do not configure any domains. # Add new domain configurations as [domain/<NAME>] sections, and # then add the list of domains (in the order you want them to be # queried) to the "domains" attribute below and uncomment it. ; domains = LDAP [nss] [pam] # Section created by YaST [domain/default] ldap_uri = ldap://ldap.server.com ldap_search_base = ou=users,dc=some ldap_schema = rfc2307 id_provider = ldap ldap_user_uuid = entryuuid ldap_group_uuid = entryuuid ldap_id_use_start_tls = False enumerate = False cache_credentials = False ldap_tls_cacert = /etc/ssl/certs/LOCAL-CA.pem chpass_provider = ldap auth_provider = ldap ------ Clearly, the Kerberos settings are missing. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.