Hi there,

http://www.port389.org/docs/389ds/howto/howto-sssd.html
http://www.port389.org/docs/389ds/howto/quickstart.html#setup-sssd

The quickstart has some parts about cert management, but the howto-sssd is the configuration I use.

You'll need to also adjust pam/nsswitch. On openSUSE you'll need to change:

common-account-pc
common-auth-pc
common-password-pc
common-session-pc

You can find my versions here:

https://github.com/Firstyear/ansible-home/tree/master/templates/auth/pam.d
https://github.com/Firstyear/ansible-home/blob/master/templates/auth/nsswitch.conf

It's always a good idea to keep backups, know how to single user the machine, and to test after the changes are made that no password/wrong password/wrong username all get denied access etc.

Does that help?

> On 26 Aug 2019, at 17:39, Nicolas Kovacs <info@xxxxxxxxxxxxx> wrote:
>
> Hi,
>
> So I finally managed to get a 389 Directory Server up and running on a
> spare CentOS 7 server. I can open the console even on a remote desktop
> (using ssh -X), connect to my LDAP database, create a handful of users,
> and I even managed to set up TLS.
>
> The next step is getting a Linux client to authenticate using the
> credentials stored on my servers.
>
> Normally I'm running OpenSUSE Leap 15.1 KDE on all my desktop clients,
> but for the sake of experimenting, information about any distribution is
> welcome.
>
> So far I've been using a bone-headed NIS/NFS setup, which I intend to
> replace with 389 DS and secure connections.
>
> I tried to connect my OpenSUSE clients to my 389 DS where I had the odd
> fleeting success and many failures. You know that feeling when you spent
> a whole weekend on a configuration and things still don't work?
>
> I'd like to get a firm grasp on how to connect my Linux clients to the
> 389 DS. So ideally I'd be glad to find some detailed documentation about
> that. Even if it's based on a different distribution.
>
> Cheers,
>
> Niki
>
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Mail : info@xxxxxxxxxxxxx
> Tél. : 04 66 63 10 32
> Mob. : 06 51 80 12 12
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx

—
Sincerely,

William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
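
An added check for the PAM/nsswitch step in the reply above; it is not part of the original thread or of the 389 DS documentation. It assumes the usual SSSD wiring (an `sss` source in `nsswitch.conf` and `pam_sss.so` in the four openSUSE `-pc` files the reply names); the function names and the `ROOT` argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit a client's NSS/PAM files for SSSD wiring.
# ROOT (first argument) is a hypothetical prefix so the check can run
# against a backup copy or a staging tree; empty means the live system.

PAM_FILES="common-account-pc common-auth-pc common-password-pc common-session-pc"

# Print only active lines of a file (comments and blank lines removed).
active_lines() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1"
}

# nss_uses_sss ROOT DB -> 0 if DB's line in nsswitch.conf lists "sss".
nss_uses_sss() {
    active_lines "$1/etc/nsswitch.conf" 2>/dev/null |
        awk -v db="$2:" '
            $1 == db { for (i = 2; i <= NF; i++) if ($i == "sss") found = 1 }
            END { exit (found ? 0 : 1) }'
}

# pam_uses_sss ROOT FILE -> 0 if FILE has an active pam_sss.so line.
# A commented-out line does not count.
pam_uses_sss() {
    active_lines "$1/etc/pam.d/$2" 2>/dev/null | grep -q 'pam_sss\.so'
}

# audit_sssd_client ROOT -> prints findings, returns the number of problems.
audit_sssd_client() {
    root=${1:-}
    problems=0
    for db in passwd group; do
        if ! nss_uses_sss "$root" "$db"; then
            echo "MISSING: nsswitch.conf '$db' does not list sss"
            problems=$((problems + 1))
        fi
    done
    for f in $PAM_FILES; do
        if ! pam_uses_sss "$root" "$f"; then
            echo "MISSING: pam.d/$f has no active pam_sss.so line"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

A clean result only shows the files reference SSSD; the no password/wrong password/wrong username tests mentioned in the reply still have to be done by hand.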