Stephen, I've fixed the problem. I copied over system-auth from another system and it worked. I reconfigured the files again, started the sssd daemon, and now everything works !
I guess I need to do some homework concerning PAM, LDAP and Kerberos :-) Anyway, testing the offline mode now, see if that works too. Thanks for the input so far ! cheers, Andy 2010/8/19 Stephen Gallagher <sgall...@redhat.com> > > "Invalid credentials" sounds like exactly what it is. You entered the > wrong password. First, verify that the user in LDAP really is > "cn=nxp21358,ou=Personal,ou=People,ou=NXDI,o=NXP". > > After that, try using ldapsearch to bind to that user from either > machine with a command like: > ldapsearch -ZZ -x -H ldap://ldap.xxx.yyy.zzz -b ou=NXDI,o=NXP \ > - -D cn=nxp21358,ou=Personal,ou=People,ou=NXDI,o=NXP \ > - -W cn=nxp21358 > > If that works on both systems, then my best guess is that you probably > don't have your client code set up to use STARTTLS when sending the > password, and your server denies binding without encryption. > > Please note, this is not the right forum for pam_ldap questions. We're > trying to replace pam_ldap, after all :) > > > I think your real problem here is that you're trying to configure both > pam_ldap and SSSD together, and they are not designed to operate > together. It would be much wiser to get away from pam_ldap entirely. > > - -- > Stephen Gallagher > RHCE 804006346421761 > > Delivering value year after year. > Red Hat ranks #1 in value among software vendors. > http://www.redhat.com/promo/vendor/ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.14 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkxtH+wACgkQeiVVYja6o6PeywCgj87oqXWA/teVkcUTzjifVuAm > Y5wAn3CfacRL4UiFWtM+oCX/ExJanOyi > =YsrX > -----END PGP SIGNATURE----- > _______________________________________________ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://fedorahosted.org/mailman/listinfo/sssd-devel >
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
