Hello, I tried sssd on Ubuntu 10.04 LTS but I did not get it working. Maybe I missed a crucial step? Here is what I did:
1) installed sssd
2) edited /etc/sssd/sssd.conf and added an LDAP domain entry
3) edited /etc/nsswitch.conf and added the sss entry

However, `getent passwd <username>` is only answered by the ldap source directly, not by sss. If I remove ldap from my nsswitch.conf, I get no records. Any help is appreciated!

Regards, Torsten
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

# Sources on each line are tried left to right. For passwd and group that is:
# local files, then sss (the SSSD NSS module), then ldap, then db.
# [NOTFOUND=return] applies to the source just before it (ldap): when ldap
# reports "not found" the lookup stops there and db is not consulted.
# NOTE(review): ldap is still listed after sss, so a name that sss cannot
# answer falls through to the ldap module. That matches the reported symptom
# (getent works only while ldap is present) and means sss is returning nothing.
# NOTE(review): once sss answers on its own, ldap would normally be dropped
# from these two lines so every lookup takes the same path through sssd;
# confirm with getent before removing it.
passwd: files sss ldap [NOTFOUND=return] db
group: files sss ldap [NOTFOUND=return] db
shadow: compat

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis
[sssd]
config_file_version = 2

# Number of times services should attempt to reconnect in the
# event of a crash or restart before they give up
reconnection_retries = 3

# if a backend is particularly slow you can raise this timeout here
sbus_timeout = 30
services = nss, pam
# NOTE(review): only LOCAL is listed here. The [domain/LDAP] section defined
# later in this file is not named in this attribute, and the sample comment
# below says a domain must be added to this list to be queried. This is the
# likely reason the sss NSS source returns no LDAP users.
domains = LOCAL

# SSSD will not start if you don't configure any domain.
# Add new domain configurations as [domain/<NAME>] sections.
# Then add the list of domains (in the order you want them to be
# queried) in the 'domains' attribute above and uncomment it

[nss]
# the following prevents sssd from searching for the root user/group in
# all domains (you can add here a comma separated list of system accounts that
# are always going to be /etc/passwd users, or that you want to filter out)
filter_groups = root
filter_users = root
reconnection_retries = 3

# The EntryCacheTimeout indicates the number of seconds to retain before
# an entry in cache is considered stale and must block to refresh.
# The EntryCacheNoWaitRefreshTimeout indicates the number of seconds to
# wait before updating the cache out-of-band. (NSS requests will still
# be returned from cache until the full EntryCacheTimeout). Setting this
# value to 0 turns this feature off (default)
; entry_cache_timeout = 600
; entry_cache_nowait_timeout = 300

[pam]
reconnection_retries = 3

# Example LOCAL domain that stores all users natively in the SSSD internal
# directory. These local users and groups are not visible in /etc/passwd, it
# now contains only root and system accounts.
[domain/LOCAL]
description = LOCAL Users domain
id_provider = local
enumerate = true
min_id = 500
max_id = 9999

# Example native LDAP domain
; [domain/LDAP]
; id_provider = ldap
; auth_provider = ldap
; ldap_uri = ldap://ldap.mydomain.org
; ldap_user_search_base = dc=mydomain,dc=org
; ldap_tls_reqcert = demand
; cache_credentials = true
; enumerate = true

# Site-specific LDAP domain (a filled-in copy of the example above).
# NOTE(review): this section only takes effect if LDAP is also named in the
# 'domains' attribute of [sssd]; the [sssd] section in this post lists LOCAL only.
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.lvm.de
ldap_user_search_base = o=lvm,c=de
# demand: the server certificate is required and must verify.
# NOTE(review): with an ldap:// URI this presumably relies on StartTLS, so the
# CA that issued the server certificate has to be trusted on this host (for
# example via ldap_tls_cacert) - TODO confirm. Keep demand rather than relaxing
# certificate checking to get lookups working.
ldap_tls_reqcert = demand
# NOTE(review): keeps credential verifiers in the local SSSD cache for offline
# logins; presumably stored hashed - confirm in sssd.conf(5) and restrict
# access to the cache directory accordingly.
cache_credentials = true
# NOTE(review): enumeration pulls the whole user/group list from the
# directory; confirm it is needed beyond testing with a bare `getent passwd`.
enumerate = true

# Example LDAP domain where the LDAP server is an Active Directory server.
# NOTE(review): if this example is enabled, ldap_default_authtok places the
# bind password in clear text in this file. Keep sssd.conf owned by root with
# mode 0600, and prefer a dedicated read-only bind account over the
# cn=Administrator DN shown in the sample - verify against local policy.
; [domain/AD]
; description = LDAP domain with AD server
; enumerate = false
; min_id = 1000
;
; id_provider = ldap
; auth_provider = ldap
; ldap_uri = ldap://your.ad.server.com
; ldap_schema = rfc2307bis
; ldap_user_search_base = cn=users,dc=example,dc=com
; ldap_group_search_base = cn=users,dc=example,dc=com
; ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
; ldap_default_authtok_type = password
; ldap_default_authtok = YOUR_PASSWORD
; ldap_user_object_class = person
; ldap_user_name = msSFU30Name
; ldap_user_uid_number = msSFU30UidNumber
; ldap_user_gid_number = msSFU30GidNumber
; ldap_user_home_directory = msSFU30HomeDirectory
; ldap_user_shell = msSFU30LoginShell
; ldap_user_principal = userPrincipalName
; ldap_group_object_class = group
; ldap_group_name = msSFU30Name
; ldap_group_gid_number = msSFU30GidNumber