[Freeipa-users] Configuring a Fedora 15 client to connect to a FreeIPA 1.2 server

Dan Scott danieljamesscott at gmail.com
Tue Jun 21 15:31:15 UTC 2011


Hi,

On Tue, Jun 21, 2011 at 11:20, Stephen Gallagher <sgallagh at redhat.com> wrote:
> On Tue, 2011-06-21 at 11:06 -0400, Dan Scott wrote:
>> Hi,
>>
>> I'm still running a FreeIPA 1.2 server but have started installing
>> Fedora 15 clients and am trying to figure out how to manually set up
>> the Krb/LDAP configuration.
>>
>> I've run the 'authconfig-tui' command and manually set up Krb
>> authentication and LDAP authorisation, using DNS discovery for the
>> servers. The authentication is working correctly, but when I run 'id
>> $USERNAME' I don't receive the correct groups, so I believe that
>> Kerberos is working, but the LDAP configuration is wrong. I've turned
>> the sssd loglevel up to 100, but I can't figure out why I'm not
>> getting the correct groups.
>>
>> My system has a variety of files and I'm not sure which are still in use:
>>
>> /etc/krb5.conf
>> /etc/pam_ldap.conf
>> /etc/sssd/sssd.conf
>>
>> On Fedora 14 and earlier, there used to be an '/etc/nss_ldap.conf' -
>> this is not present on F15.
>>
>> Can anyone help me figure out how to get the group lookups working?
>
>
> Probably you need to add ldap_schema=rfc2307bis into the
> [domain/default] section of /etc/sssd/sssd.conf.
>
> If you just set authconfig up as an LDAP server, it defaults to
> ldap_schema = rfc2307, which uses a different attribute on the server to
> contain group memberships.

Thanks, but I've tried both of those entries - it doesn't appear to
make any difference.

Dan
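
Added example, not part of the thread: a small simulation of the schema difference Stephen describes, showing that a client matching on the wrong membership attribute finds no groups even though authentication succeeds. All directory entries, names and DNs are constructed, and the search filter is a simplified illustration rather than SSSD's exact query.

```python
# Added illustration; every entry, name and DN below is constructed sample data.
BASE = "dc=example,dc=com"
USER = {"uid": "alice", "dn": f"uid=alice,cn=users,{BASE}"}

# What each ldap_schema value makes the client match group membership on.
SCHEMAS = {
    "rfc2307": ("memberUid", "uid"),   # attribute holds bare login names
    "rfc2307bis": ("member", "dn"),    # attribute holds full member DNs
}

# A server storing membership rfc2307bis-style (DN-valued "member").
BIS_SERVER = [
    {"cn": "staff", "gidNumber": 2001, "member": [USER["dn"]]},
    {"cn": "wheel", "gidNumber": 2002, "member": [f"uid=bob,cn=users,{BASE}"]},
]
# A server storing membership rfc2307-style (name-valued "memberUid").
RFC2307_SERVER = [
    {"cn": "staff", "gidNumber": 2001, "memberUid": ["alice"]},
    {"cn": "wheel", "gidNumber": 2002, "memberUid": ["bob"]},
]

def escape_filter(value):
    """Escape a value for an LDAP search filter (RFC 4515); backslash first."""
    for ch in "\\*()\0":
        value = value.replace(ch, "\\%02x" % ord(ch))
    return value

def group_filter(schema, user):
    """Simplified group-membership filter a client would send for `schema`."""
    attr, key = SCHEMAS[schema]
    return f"(&(objectClass=posixGroup)({attr}={escape_filter(user[key])}))"

def groups_for(entries, schema, user):
    """Group names a client configured with `schema` finds for `user`."""
    attr, key = SCHEMAS[schema]
    return [e["cn"] for e in entries if user[key] in e.get(attr, [])]

if __name__ == "__main__":
    servers = (("rfc2307bis server", BIS_SERVER), ("rfc2307 server", RFC2307_SERVER))
    for name, entries in servers:
        for schema in SCHEMAS:
            print(f"{name:18} ldap_schema={schema:10} "
                  f"{group_filter(schema, USER)} -> {groups_for(entries, schema, USER)}")
```

An empty result for the mismatched pairs is the same symptom as 'id $USERNAME' returning no supplementary groups; comparing the membership attribute actually present on the server's group entries with the configured ldap_schema shows whether this is the cause.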



