On 06/09/2010 11:48 AM, Michael Cronenworth wrote: > Nalin Dahyabhai wrote: >> Setting nsswitch.conf to "ldap" doesn't test sssd -- the source for that >> information should be listed as "sss" if you want to use sssd. > > A fresh F13 install defaults to "files sss", so it is implied I was > using it. > >> The example sssd.conf doesn't look right to me -- the bits in there that >> mention Kerberos-specific (krb5*) settings don't fit at all since the >> auth_provider isn't set to Kerberos (krb5) and the client isn't being >> told to use Kerberos to authenticate to the directory server. There >> aren't any of the TLS-related settings that sssd-ldap(5) details in >> there, either. > > I'm not using Kerberos. I have it set to use LDAP for all authentication. > >> >> If that doesn't point you in the right direction, you might want to ask >> on the sssd list. > > Looks like I'm headed that way. Thanks. Michael, please post your [sanitized] sssd.conf somewhere. Right now, my best guess would be that you are using LDAPS or LDAP+TLS and are having a certificate error. My second-best guess is that your users' UID or primary GID is < 1000, which is ignored by SSSD by default. (We've decided upstream that we're going to change this default to 1, as so many people have hit it). -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
