Re: User unable to login with ldap_access_filter on

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Try taking out access_provider, if I'm not mistaken that is to be used with the host attribute and pam must have pam_sss.so 

Another thing you can do is 

access_provider = simple
simple_allow_users = jsmith,bjensen
simple_allow_groups = itgroup

Which will work for ldap groups too. 

Dan

On May 28, 2013, at 5:45 PM, Fosiul Alam <fosiul@xxxxxxxxx> wrote:

> Hi Bellow is my sssd.conf
> 
> with bellow setting, user cant login. 
> but if i remove ldap_access_filter , then all user can access
> 
> What i am doing wrong...     
> i just want user from "techops" group to access this server..
> 
> 
> any help will be really grateful .
> 
> [sssd]
> config_file_version = 2
> services = nss, pam
> domains = LDAP
> 
> [nss]
> filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
> 
> [pam]
> 
> [domain/LDAP]
> id_provider = ldap
> auth_provider = ldap
> ldap_schema = rfc2307
> ldap_uri = ldap://auth2.xxxxxx.lan/,ldap://auth1.xxxxxxxlan/
> ldap_search_base = l=uk,dc=xxxx,dc=lan
> ldap_tls_reqcert = demand
> cache_credentials = true
> enumerate = true
> debug_level = 10
> ldap_tls_cacertdir = /etc/openldap/xxx/
> ldap_tls_cert = /etc/openldap/cacerts/CA-xxx.crt
> access_provider = ldap
> ldap_access_filter = memberUid=cn=techops,ou=groups,l=uk,dc=xxxx,dc=lan
> #entry_cache_timeout = 600
> #ldap_network_timeout = 3
> 
> 
> and the log i get from secure  file
> 
> 2013-05-28T22:13:02.782543+01:00 uk-xxxxx-1 sshd[4172]: pam_sss(sshd:auth): received for user mtest: 9 (Authentication service cannot retrieve authentication info)
> 2013-05-28T22:13:04.597478+01:00 uk-xxxx-1 sshd[4172]: Failed password for mtest from xxx.xx.xx.xx port 52664 ssh2
> 
> 
> Thanks
> 
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users





[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux