Re: How to set up 389 client


It's not going to show you the LDAP users, only the local ones.

Sincerely,

Doug Tucker

On 01/14/2013 09:17 AM, Chaudhari, Rohit K. wrote:
The id <ldap-user-name> command works just fine. That is not where I am having the issue. The issue lies in the local Users and Groups list in the RHEL client.

When I click through System->Administration->Users and Groups, the ldap-user-name is not showing up on that list. How do I get it to show up on that list? This is a concern to me because my bosses are questioning whether the ldap-user-name I created has proper ACL privileges and would meet DIACAP requirements.

Thanks,

Rohit

From: Chandan Kumar <chandank.kumar@xxxxxxxxx>
Reply-To: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Monday, January 7, 2013 1:43 PM
To: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re:  How to set up 389 client

Sounds a bit strange. What is the output of "id <ldap-user-name>"? If sssd is configured properly this command has to work. Moreover, while you execute this command, watch /var/log/secure.log for any error messages.

Also disable selinux/Firewall and test.

On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:

    I configured everything with SSSD as you suggested.  I'm able to
    do successful logins authenticating against the LDAP server, but
    when I check the Users and Groups list on the client machine, that
    newly created user isn't added.  Thoughts?

    Thanks.

    From: Chandan Kumar <chandank.kumar@xxxxxxxxx>
    Reply-To: "General discussion list for the 389 Directory server
    project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
    Date: Monday, January 7, 2013 1:36 PM
    To: "General discussion list for the 389 Directory server
    project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
    Subject: Re:  How to set up 389 client

    Are you using SSSD on the client side or PADL/NSS?

    On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:

        I do specify the POSIX properties on the LDAP side.  But when
        I login with that created user on the client side and check
        the Users and Groups list on the client machine, it is not
        listed there.  I did avoid the warning message by adding the
        LDAP user to a group that already exists.  I want the user I
        create in LDAP to become listed in the Users and Groups list
        on the client (for ACL purposes, if you know anything
        regarding meeting DIACAP guidelines).  Did I miss something?

        Thanks

        From: Chandan Kumar <chandank.kumar@xxxxxxxxx>
        Reply-To: "General discussion list for the 389 Directory
        server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
        Date: Monday, January 7, 2013 11:39 AM
        To: "General discussion list for the 389 Directory server
        project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
        Subject: Re:  How to set up 389 client

        Hello Rohit,

        While creating users you also need to specify POSIX properties
        for the user.

        In the admin console you need to fill out the POSIX properties
        details while creating the user. Also make sure you create POSIX
        groups and associate these new users with the group ID,
        otherwise at login time you may get a warning message
        like "id: Group does not exist".

        --
        http://about.me/chandank


        On Mon, Jan 7, 2013 at 7:27 AM, Chaudhari, Rohit K.
        <Rohit.Chaudhari@xxxxxxxxxx> wrote:

            Hey Chandan,

            So I got the RHEL client working, but I have an
            outstanding issue.  When I look at the users/groups
            setting on the client machine, the newly created user that
            I made on the RHEL LDAP server does not show up on the
            list.  Is this how it is supposed to work?  If not, how do
            I get a LDAP user to become a part of the users and groups
            list on the RHEL client?

            Thanks,

            Rohit

            From: Chandan Kumar <chandank.kumar@xxxxxxxxx>
            Reply-To: "General discussion list for the 389 Directory
            server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
            Date: Thursday, December 20, 2012 6:21 PM

            To: "General discussion list for the 389 Directory server
            project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
            Subject: Re:  How to set up 389 client

            Yes, you do need to replace it with SSSD. If you have a
            fresh CentOS install, by default it is sssd only.

            The best way would be to use the authconfig tool, as it
            changes all related files and you don't have to manually
            change all of them.  Moreover, you also need to change the
            nss.conf file and make sure groups/users have sssd instead
            of ldap.

            From RHEL 6.4 sssd will be fully supported and it gives
            better performance if you intend to integrate many
            applications with LDAP as it does not open multiple
            connections with the directory server.

            I will look at that guide again and will try to improve it.

            On Thursday, December 20, 2012, Chaudhari, Rohit K. wrote:

                Okay I will try checking those parameters.  I am doing
                sssd, I used ldap pan before in CentOS 6 and that ha




--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
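
Added example, not part of the original thread: the reply above says the Users and Groups tool lists only local accounts, while `id <ldap-user-name>` resolves the LDAP user. The shell functions below check that distinction by comparing the local passwd file with a by-name NSS lookup. The function names and the PASSWD_FILE and GETENT override variables are hypothetical, introduced only so the logic can be run against constructed data.

```shell
#!/bin/sh
# Added example: report where an account is defined on this client.
# PASSWD_FILE and GETENT are hypothetical overrides; the defaults are the
# real local file and the real NSS lookup tool.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
GETENT="${GETENT:-getent}"

# Prints one of: local, directory, unknown
account_source() {
    user="$1"
    # Local accounts have a line in the flat passwd file (field 1 = name).
    if awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' \
        "$PASSWD_FILE"; then
        echo local
        return 0
    fi
    # By-name NSS lookup: consults every source listed in nsswitch.conf,
    # so an account served by SSSD resolves here but is not in the file.
    # The lookup is by name because SSSD does not enumerate directory
    # users by default.
    if entry=$($GETENT passwd "$user" 2>/dev/null) && [ -n "$entry" ]; then
        echo directory
        return 0
    fi
    echo unknown
    return 1
}

# Prints "uid:gid" from the NSS entry, confirming that the POSIX
# attributes set on the directory side actually reach the client.
account_ids() {
    $GETENT passwd "$1" 2>/dev/null |
        awk -F: 'NF >= 4 && $3 != "" && $4 != "" { print $3 ":" $4; ok = 1 }
                 END { exit !ok }'
}

# Typical use on the client:  account_source <ldap-user-name>
```

A result of `directory` together with a valid `uid:gid` means the account is usable on the client even though it has no entry in the local file.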
