Hi, I'm trying to get the GDM login manager to work with sssd and LDAP authentication. So far one can log in with ssh, getent passwd shows all LDAP users and su - also works. But GDM says "Authentication failure". I searched Google for this but did not find anything useful, or just for old Fedora releases or without the new fancy sssd. The kickstart "authconfig" command or the GUI "system-config-authentication" did not produce any config that worked. We are using Sun Directory Server.
I also noticed that there are a lot of places in which to configure the LDAP client config: /etc/sssd/sssd.conf, /etc/openldap/ldap.conf, /etc/sysconfig/autofs. The packages pam_ldap and nss_ldap are missing on the Fedora 14 DVD. Also the autofs package is missing on the DVD.

How can one get the graphical login manager to work with LDAP authentication via sssd?

My config:

/etc/nsswitch.conf

passwd: files sss
shadow: files sss
group: files sss

/etc/sssd/sssd.conf

[sssd]
config_file_version = 2
debug_level = 10
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = LOCAL,LDAP

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/LOCAL]
description = LOCAL Users domain
id_provider = local
enumerate = true
min_id = 500
max_id = 999

[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldap://ldap.example.com
ldap_search_base = dc=example,dc=com
ldap_default_bind_dn = cn=proxyagent,ou=special_users,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = mypassword
ldap_user_search_base = ou=people,dc=example,dc=com
ldap_group_search_base = ou=group,dc=example,dc=com
ldap_tls_reqcert = never
cache_credentials = true
enumerate = true

/etc/pam.d/gdm

auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth required pam_succeed_if.so user != root quiet
auth required pam_env.so
auth substack system-auth
auth optional pam_gnome_keyring.so
account required pam_nologin.so
account include system-auth
password include system-auth
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session optional pam_gnome_keyring.so auto_start
session include system-auth

/etc/pam.d/gdm-password

auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth substack password-auth
auth required pam_succeed_if.so user != root quiet
auth optional pam_gnome_keyring.so
account required pam_nologin.so
account include password-auth
password include password-auth
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session optional pam_gnome_keyring.so auto_start
session include password-auth
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines