Force authentication to use sssd not nslcd
Stop & disable nslcd:
systemctl stop nslcd
systemctl disable nslcd
Rerun authconfig, but this time pass all options on the same line and use --disableldapauth instead of --enableldapauth:
authconfig --enablelocauthorize --enableldap --disableldapauth --ldapserver="ipa.example.com" --ldapbasedn="dc=example,dc=com" --enablerfc2307bis --enableldaptls --enablemkhomedir --enablecachecreds --enablekrb5 --krb5kdc="ipa.example.com" --krb5adminserver="ipa.example.com" --krb5realm="EXAMPLE.COM" --enablekrb5kdcdns --enablekrb5realmdns --enablesssd --enablesssdauth --update
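After the rerun, a practitioner will want to confirm that nothing still routes through nslcd. The following POSIX sh script is an added check, not part of the answer above and not a tool shipped by authconfig or sssd: it reads an nsswitch.conf and a PAM stack file and reports whether the passwd/shadow/group databases still list the "ldap" source (served by nslcd) and whether pam_ldap.so is still active, versus "sss" and pam_sss.so. The default paths /etc/nsswitch.conf and /etc/pam.d/system-auth are the usual CentOS 7 locations and are assumptions; the demo data embedded in the script reuses the nsswitch lines quoted in the question below plus a constructed PAM fragment.

```shell
#!/bin/sh
# Added example (not from the original post or the authconfig project):
# report whether NSS databases and a PAM stack still reference the nslcd
# backend ("ldap" source / pam_ldap.so) instead of sssd ("sss" / pam_sss.so).

# nss_sources FILE DB: print the source list for database DB, e.g. "files sss ldap"
nss_sources() {
    awk -v db="$2" '
        /^[ \t]*#/ { next }
        index($0, db ":") == 1 {
            s = substr($0, length(db) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", s)
            print s
            exit
        }' "$1"
}

# nss_has_source FILE DB SRC: succeed if SRC is one of DB's sources
nss_has_source() {
    for w in $(nss_sources "$1" "$2"); do
        [ "$w" = "$3" ] && return 0
    done
    return 1
}

# pam_uses_module FILE MODULE: succeed if an uncommented line loads MODULE
pam_uses_module() {
    grep -Eq "^[^#]*[[:space:]]$2([[:space:]]|$)" "$1"
}

# nslcd_report [NSSWITCH] [PAMFILE]: one line per finding; the exit status is
# the number of places that still route through nslcd (0 means sssd only)
nslcd_report() {
    nsswitch="${1:-/etc/nsswitch.conf}"      # assumed CentOS 7 default path
    pamfile="${2:-/etc/pam.d/system-auth}"   # assumed CentOS 7 default path
    bad=0
    for db in passwd shadow group; do
        srcs=$(nss_sources "$nsswitch" "$db")
        if nss_has_source "$nsswitch" "$db" ldap; then
            echo "$db: '$srcs' still includes ldap (nslcd)"
            bad=$((bad + 1))
        elif nss_has_source "$nsswitch" "$db" sss; then
            echo "$db: '$srcs' uses sss only"
        else
            echo "$db: '$srcs' lists neither sss nor ldap"
        fi
    done
    if pam_uses_module "$pamfile" pam_ldap.so; then
        echo "$pamfile: pam_ldap.so still active"
        bad=$((bad + 1))
    elif pam_uses_module "$pamfile" pam_sss.so; then
        echo "$pamfile: pam_sss.so active, no pam_ldap.so"
    else
        echo "$pamfile: no LDAP or SSSD PAM module found"
    fi
    return "$bad"
}

# demo: run the report on the nsswitch lines from the question (passwd,
# shadow and group all "files sss ldap") and a constructed PAM fragment
demo() {
    d=$(mktemp -d)
    printf 'passwd: files sss ldap\nshadow: files sss ldap\ngroup: files sss ldap\n' \
        > "$d/nsswitch.conf"
    printf '#auth sufficient pam_ldap.so\nauth sufficient pam_sss.so use_first_pass\n' \
        > "$d/system-auth"
    nslcd_report "$d/nsswitch.conf" "$d/system-auth"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

# Usage: sh nslcd_check.sh [nsswitch.conf] [pam-stack-file]; no arguments runs the demo
if [ $# -gt 0 ]; then
    nslcd_report "$@"
else
    demo || :
fi
```

On the question's own nsswitch.conf the report flags all three databases, which matches the nslcd log entries in the question: with "files sss ldap" glibc falls through to the ldap source (nslcd) for any lookup sss does not answer, so stopping nslcd without removing "ldap" from these lines leaves a dead backend in the chain.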
Author: Shaked
Updated on September 18, 2022

Shaked, over 1 year ago:
What I did was:
vim /etc/sysconfig/authconfig
USESSSDAUTH=yes
USESSSD=yes
FORCELEGACY=no
Then:
authconfig --enablesssd --enablesssdauth --enablelocauthorize --update
authconfig --enableldap --enableldapauth --ldapserver="ipa.example.com" --ldapbasedn="dc=example,dc=com" --enablerfc2307bis --enableldaptls --update
authconfig --enablemkhomedir --enablecachecreds --update
authconfig --enablekrb5 --krb5kdc="ipa.example.com" --krb5adminserver="ipa.example.com" --krb5realm="EXAMPLE.COM" --update
authconfig --enablekrb5kdcdns --enablekrb5realmdns --update
After that I added
ldap_tls_reqcert = never
to /etc/sssd/sssd.conf.
For some unknown reason, the server is still using nslcd for authentication. If I am the root user and try to
su - LDAPuser
it works. However, when I am a normal (local) user and try to su into the LDAP user, I get:
su: Authentication service cannot retrieve authentication info
By looking at
systemctl status nslcd -l
I see:
Jul 24 13:18:21 server2.example.com nslcd[74273]: [482a97] <group/member="shaked"> no available LDAP server found: Server is unavailable: Resource temporarily unavailable
Jul 24 13:18:25 server2.example.com nslcd[74273]: [63b9ea] <group/member="root"> no available LDAP server found: Server is unavailable: Resource temporarily unavailable
^^^ "shaked" is my local user
systemctl status sssd -l
^^^ doesn't give any errors
The content of /etc/nsswitch.conf:
passwd: files sss ldap
shadow: files sss ldap
group: files sss ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss ldap
publickey: nisplus
automount: files sss ldap
aliases: files nisplus
My OS is CentOS 7.