On Tue, 2011-06-21 at 11:31 -0400, Dan Scott wrote:
> Hi,
>
> On Tue, Jun 21, 2011 at 11:20, Stephen Gallagher <sgall...@redhat.com> wrote:
> > On Tue, 2011-06-21 at 11:06 -0400, Dan Scott wrote:
> >> Hi,
> >>
> >> I'm still running a FreeIPA 1.2 server but have started installing
> >> Fedora 15 clients and am trying to figure out how to manually setup
> >> the Krb/LDAP configuration.
> >>
> >> I've run the 'authconfig-tui' command and manually setup Krb
> >> authentication and LDAP authorisation, using DNS discovery for the
> >> servers. The authentication is working correctly, but when I run 'id
> >> $USERNAME' I don't receive the correct groups, so I believe that
> >> Kerberos is working, but the LDAP configuration is wrong. I've turned
> >> the sssd loglevel up to 100, but I can't figure out why I'm not
> >> getting the correct groups
> >>
> >> My system has a variety of files and I'm not sure which are still in use:
> >>
> >> /etc/krb5.conf
> >> /etc/pam_ldap.conf
> >> /etc/sssd/sssd.conf
> >>
> >> On Fedora 14 and earlier, there used to be an '/etc/nss_ldap.conf' -
> >> this is not present on F15.
> >>
> >> Can anyone help me figure out how to get the group lookups working?
> >
> >
> > Probably you need to add ldap_schema=rfc2307bis into the
> > [domain/default] section of /etc/sssd/sssd.conf.
> >
> > If you just set authconfig up as an LDAP server, it defaults to
> > ldap_schema = rfc2307, which uses a different attribute on the server to
> > contain group memberships.
>
> Thanks, but I've tried both of those entries - it doesn't appear to
> make any difference.
>
> Dan

Could you attach your (sanitized) /etc/sssd/sssd.conf, /etc/krb5.conf, /etc/nsswitch.conf and /etc/pam.d/system-auth?
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
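
Added example, not part of the original thread: a Python sketch of the attribute difference between `ldap_schema = rfc2307` (login names in `memberUid`) and `ldap_schema = rfc2307bis` (entry DNs in `member`), showing why a client configured for the wrong one resolves no supplementary groups. The directory entries, user name and DNs are constructed, and the filter shown is illustrative rather than SSSD's literal query.

```python
# Constructed sample entries (hypothetical names, not from the thread).
USER = "jdoe"
USER_DN = "uid=jdoe,cn=users,dc=example,dc=com"
GROUPS = [
    # RFC 2307: membership stored as bare login names in memberUid.
    {"cn": "staff", "memberUid": ["jdoe", "alice"]},
    # RFC 2307bis: membership stored as full entry DNs in member.
    {"cn": "admins", "member": [USER_DN]},
    {"cn": "ops", "member": ["uid=alice,cn=users,dc=example,dc=com"]},
]

# For each ldap_schema value: the membership attribute and the value form it holds.
SCHEMAS = {
    "rfc2307": ("memberUid", lambda name, dn: name),
    "rfc2307bis": ("member", lambda name, dn: dn),
}

def escape(value):
    """Escape LDAP filter metacharacters (RFC 4515) in an assertion value."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def group_filter(schema, name, dn):
    """Illustrative membership filter for a schema (not SSSD's literal filter)."""
    attr, pick = SCHEMAS[schema]
    return f"(&(objectClass=posixGroup)({attr}={escape(pick(name, dn))}))"

def groups_for(schema, name, dn, entries=GROUPS):
    """Names of the groups a client assuming `schema` would find for the user."""
    attr, pick = SCHEMAS[schema]
    wanted = pick(name, dn)
    return sorted(e["cn"] for e in entries if wanted in e.get(attr, []))

def schema_report(name, dn, entries=GROUPS):
    """Map each schema setting to the groups it would resolve."""
    return {s: groups_for(s, name, dn, entries) for s in SCHEMAS}

if __name__ == "__main__":
    for schema, found in schema_report(USER, USER_DN).items():
        print(f"ldap_schema = {schema:<10} filter={group_filter(schema, USER, USER_DN)}")
        print(f"  supplementary groups: {found or 'none'}")
```

Running the same comparison against an `ldapsearch` dump of a real group entry shows which of the two attributes the server actually populates.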