Kinda frustrated because this used to be so easy in SLE11...
Out of curiosity, how do I make it so that we can log into our new SLE12 box with our LDAP accounts?
So far, I've got this, from various posts on the forums, but it's not working...
I've also tried it with an ldap server URL of ldaps://ourserver.millikin.edu:636, but it didn't make a difference. I also don't see any references to LDAP connections when I run "netstat -aln | grep tcp".
edit /etc/nsswitch.conf, set:
passwd: compat sss
group: compat sss
edit /etc/sssd/sssd.conf, contents:
config_file_version = 2
services = nss, pam
domains = LDAP
filter_groups = root
filter_users = root
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307bis
ldap_user_object_class = posixAccount
debug_level = 20
access_provider = ldap
ldap_uri = ldap://ourldapserver.millikin.edu
ldap_search_base = ou=tech,o=mu
create_homedir = true
ldap_tls_cacert = /etc/sssd/certs/rootcert.pem
ldap_tls_cacertdir = /etc/sssd/certs
ldap_id_use_start_tls = true
execute the following from root's command line:
pam-config --add --mkhomedir
The thing that's making this more difficult is that nothing's getting logged to /var/log/sssd, no matter what value I put in the debug_level parameter. There aren't even any files that get created in there. I also tried using ndstrace on the box that this points to (eDirectory on an OES2 box) and it's not reporting any attempts from this host. Also, /var/log/messages says:
2015-12-03T11:18:59.407125-06:00 muwacmaster sshd: Invalid user myusername from 172.20.9.87
2015-12-03T11:18:59.411807-06:00 muwacmaster sshd: input_userauth_request: invalid user myusername [preauth]
2015-12-03T11:18:59.414338-06:00 muwacmaster sshd: Postponed keyboard-interactive for invalid user myusername from 172.20.9.87 port 54501 ssh2 [preauth]
2015-12-03T11:19:01.528568-06:00 muwacmaster sshd: pam_unix(sshd:auth): check pass; user unknown
2015-12-03T11:19:01.529166-06:00 muwacmaster sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mypc.it.millikin.edu
So it's like SSSD isn't even functioning?
When I view the user auth section in YaST it indicates that SSSD is configured though.
What am I doing wrong?
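
A structural check for an sssd.conf like the one above, as an added example that is not part of the original post. It assumes the INI layout documented in sssd.conf(5), with [sssd], [nss] and [domain/NAME] sections; the helper names are hypothetical, and both sample inputs are constructed from options shown in the post (FLAT mirrors how they appear on this page).

```python
import configparser

# Constructed input: a subset of the options from the post, laid out as on this page.
FLAT = """\
services = nss, pam
domains = LDAP
filter_users = root
id_provider = ldap
ldap_uri = ldap://ourldapserver.millikin.edu
ldap_id_use_start_tls = true
"""

# Constructed input: the same options under the sections sssd.conf(5) documents.
SECTIONED = """\
[sssd]
services = nss, pam
domains = LDAP
[nss]
filter_users = root
[domain/LDAP]
id_provider = ldap
ldap_uri = ldap://ourldapserver.millikin.edu
ldap_id_use_start_tls = true
"""

def _csv(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def check_sssd_conf(text):
    """Hypothetical helper: return a list of structural problems in sssd.conf text."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    try:
        cp.read_string(text)
    except configparser.MissingSectionHeaderError:
        return ["options appear before any [section] header"]
    if not cp.has_section("sssd"):
        return ["no [sssd] section"]
    problems = [f"'{s}' missing from [sssd] services" for s in ("nss", "pam")
                if s not in _csv(cp.get("sssd", "services", fallback=""))]
    for dom in _csv(cp.get("sssd", "domains", fallback="")):
        sec = f"domain/{dom}"
        if not cp.has_section(sec):
            problems.append(f"domain '{dom}' has no [{sec}] section")
        elif (cp.get(sec, "ldap_uri", fallback="").startswith("ldap://")
              and cp.get(sec, "ldap_id_use_start_tls", fallback="false").lower() != "true"):
            problems.append(f"[{sec}] does id lookups over ldap:// without StartTLS")
    return problems

if __name__ == "__main__":
    print(check_sssd_conf(FLAT), check_sssd_conf(SECTIONED))
```

To check a real file, pass the contents of /etc/sssd/sssd.conf (read as root) to check_sssd_conf.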