[SSSD-users] Re: Unable to login to my kerberos realm

Jakub Hrozek Tue, 01 Aug 2017 12:33:58 -0700

On Tue, Aug 01, 2017 at 03:02:04PM -0400, Louis Garcia wrote:
> I've setup a kdc server and I'm able to kinit from my client and get a
> ticket for ssh, nfs. I am having trouble setting up sssd so I can skip
> kinit. I only setup a kerberos server do I also need a ldap server?
> 
> This is how I configured PAM:  #authconfig --enablesssd --enablesssdauth
> --enablekrb5 --update
> 
> I'm sure not one line of my sssd.conf file is right.
> 
>     [sssd]
>     services = nss, pam
>     config_file_version = 2
>     reconnection_retries = 3
>     sbus_timeout = 30
> 
>     [nss]
>     filter_groups = root
>     filter_users = root
> 
>     [pam]
>     reconnection_retries = 3
>     offline_credentials_expiration = 2
>     offline_failed_login_attempts = 3
>     offline_failed_login_delay = 5
> 
>     [domain/kerberos]
>     id_provider = proxy
>     proxy_lib_name = false


false is almost certainly true, did you mean files?

> 
>     auth_provider = krb5
>     chpass_provider = krb5
>     krb5_realm = MONTCLAIRE.LOCAL
>     krb5_server = panther.montclaire.local
> 
>     cache_credentials = True
>     krb5_store_password_if_offline = True

> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

[SSSD-users] Re: Unable to login to my kerberos realm

Reply via email to