[opensuse] LDAP Client Authentication for OpenSUSE 12.2
Hi all!

I just upgraded to OpenSUSE 12.2 and I am facing a strange problem that I hope someone here can help me with.

I want my OpenSUSE 12.2 PC to authenticate against an eDirectory server over LDAP. After some difficulties with the self-signed certificate, I managed to get it to the point where Yast's User and Group Management can "see" and list the users in eDirectory. Here comes the strange part:

When I try to login via GDM on the OpenSUSE 12.2 PC using any of the LDAP users, I get an Authentication Failed error. Turning on DSTRACE on my eDirectory server, I can see that there is no incoming LDAP request. When I use Yast's User and Group Management applet to view LDAP users, I can see the incoming LDAP request.

So, what do I have to configure further so I can login to OpenSUSE with LDAP user credentials? I checked through /etc/sssd/sssd.conf and the LDAP settings look correct. What else do I need to check?

Thanks very much in advance!!

pascal chong
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

[26.01.2013 18:32] [CHONG Yu Meng]:
> Hi all!
> I just upgraded to OpenSUSE 12.2 and I am facing a strange problem that I hope someone here can help me with.
> I want my OpenSUSE 12.2 PC to authenticate against an eDirectory server over LDAP. After some difficulties with the self-signed certificate, I managed to get it to the point where Yast's User and Group Management can "see" and list the users in eDirectory. Here comes the strange part:
> When I try to login via GDM on the OpenSUSE 12.2 PC using any of the LDAP users, I get an Authentication Failed error. Turning on DSTRACE on my eDirectory server, I can see that there is no incoming LDAP request. When I use Yast's User and Group Management applet to view LDAP users, I can see the incoming LDAP request.
> So, what do I have to configure further so I can login to OpenSUSE with LDAP user credentials? I checked through /etc/sssd/sssd.conf and the LDAP settings look correct. What else do I need to check?
> Thanks very much in advance!!

I don't use eDirectory but Sun LDAP at the office. I uninstalled sssd because of the problems it caused. You can't use YaST2 then to configure everything, but that can be done manually as well.

a) in /etc/ldap.conf, make sure you have the correct LDAP server and connection data including attributes mapping (if needed)
b) in /etc/nsswitch.conf, replace sss with ldap
c) make sure you remove all sss(d) entries from /etc/pam.d/*

After making sure that this was set, I uninstalled sssd and I could log in again.

HTH
Werner

On Sun, Jan 27, 2013 at 01:32:32AM +0800, CHONG Yu Meng wrote:
> Hi all!
> I just upgraded to OpenSUSE 12.2 and I am facing a strange problem that I hope someone here can help me with.
> I want my OpenSUSE 12.2 PC to authenticate against an eDirectory server over LDAP. After some difficulties with the self-signed certificate, I managed to get it to the point where Yast's User and Group Management can "see" and list the users in eDirectory. Here comes the strange part:

Does "getent passwd <username>" and "id <username>", with <username> being eDirectory user, work for you? The YaST Users and Groups module is probably not the best testcase as it queries the LDAP Server directly AFAIK instead of going via nsswitch/sssd.

> When I try to login via GDM on the OpenSUSE 12.2 PC using any of the LDAP users, I get an Authentication Failed error. Turning on DSTRACE on my eDirectory server, I can see that there is no incoming LDAP request. When I use Yast's User and Group Management applet to view LDAP users, I can see the incoming LDAP request.
> So, what do I have to configure further so I can login to OpenSUSE with LDAP user credentials? I checked through /etc/sssd/sssd.conf and the LDAP settings look correct. What else do I need to check?

Anything suspicious in /var/log/messages or /var/log/sssd/* ? You might need to increase the loglevel for sssd to debug this problem. See the sssd.conf(5) man page for details (the option name is debug_level)

--
Ralf
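
Both replies point at the NSS and PAM wiring rather than the LDAP settings themselves. The script below is an added example, not code from any poster in this thread: it compares the backend named on the `passwd:` line of nsswitch.conf with the `pam_sss.so` / `pam_ldap.so` modules on active `auth` lines under pam.d. The function names, the verdict labels and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the backend NSS uses for account lookups with the
# backend PAM uses for authentication (sss vs ldap).

# Print the first of "sss"/"ldap" on the passwd: line of the given nsswitch.conf.
nss_backend() {
    awk '$1 == "passwd:" {
             for (i = 2; i <= NF; i++) {
                 if ($i ~ /^#/) break              # rest of the line is a comment
                 if ($i == "sss" || $i == "ldap") { print $i; exit }
             }
         }' "$1"
}

# Print which of pam_sss.so / pam_ldap.so appear on active auth lines in a pam.d dir.
pam_backend() {
    cat "$1"/* 2>/dev/null | awk '
        $1 == "auth" || $1 == "-auth" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break
                if ($i ~ /(^|\/)pam_sss\.so$/)  sss = 1
                if ($i ~ /(^|\/)pam_ldap\.so$/) ldap = 1
            }
        }
        END { out = sss ? "sss" : ""
              if (ldap) out = out (out == "" ? "" : ",") "ldap"
              print out }'
}

# $1 = root directory holding etc/nsswitch.conf and etc/pam.d ("" = live system).
audit_auth_wiring() {
    nss=$(nss_backend "$1/etc/nsswitch.conf")
    pam=$(pam_backend "$1/etc/pam.d")
    if [ -z "$nss" ] && [ -z "$pam" ]; then verdict=local-only
    elif [ -n "$nss" ] && case ",$pam," in *",$nss,"*) true ;; *) false ;; esac
    then verdict=consistent
    else verdict=mismatch
    fi
    echo "nss=${nss:-none} pam=${pam:-none} verdict=$verdict"
}

# Constructed sample tree: lookups go through sss, but no PAM auth line does.
sample=$(mktemp -d)
mkdir -p "$sample/etc/pam.d"
printf 'passwd: compat sss\ngroup:  compat sss\n' > "$sample/etc/nsswitch.conf"
printf 'auth required pam_env.so\nauth required pam_unix.so\n' > "$sample/etc/pam.d/common-auth"
audit_auth_wiring "$sample"    # nss=sss pam=none verdict=mismatch
rm -rf "$sample"
```

A `mismatch` verdict means account lookups and password checks are routed to different backends, or that one of them never leaves the local files.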

participants (3)
- CHONG Yu Meng
- Ralf Haferkamp
- Werner Flamme