I will admit that getting fedora 13 to authenticate against my dirsrv ldap server has been an interesting experience. I still do not think I have it right since getent passwd does not display the ldap users but for some reason I am able to log in with my ldap user name and password and the home directory mapping is pulled out of ldap. This error is in my sssd.nss.log file after reboot when I try to log in. [sssd[nss]] [nss_cmd_getgrgid_callback] (0): No matching domain found for [5001], fail! The interesting thing is that the uid for the user trying to authenticate is 5001 so that must be coming back from the ldap server. Here is what matters in my nsswitch.conf file. passwd: files sss shadow: files sss group: files sss If I change that to files ldap then getent passwd will return my ldap users but then initial boot takes about 10 minutes since the computer tries to contact the ldap server during boot up before the ethernet card has been brought up. Here is what matters from my sssd.conf file. [domain/xxxxxxx] (where xxxxxxx is the domain in ldap) ldap_id_use_start_tls = True cache_credentials = True debug_level = 0 ldap_search_base = dc=nissley,dc=org chpass_provider = ldap id_provider = ldap auth_provider = ldap cache_credentials = True min_id = 100 ldap_uri = ldap://192.168.10.7 ldap_tls_cacertdir = /etc/openldap/cacerts ldap_tls_reqcert = allow I do have an issue with a self signed certificate so that is why I am using the ldap_tls_reqcert = allow setting. Can some on please help me straighten out my network login via ldap problem I am having. I was doing the same network login to the same ldap server with Fedora 12 and had no issues at all. Fedora 13 requires tls or ldaps which is where my problems started. I was not using either of them when using Fedora 12. Thank you. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
