Error No matching domain found for 5001 in sssd_nss.log

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I will admit that getting fedora 13 to authenticate against my dirsrv 
ldap server has been an interesting experience.  I still do not think I 
have it right since getent passwd does not display the ldap users but 
for some reason I am able to log in with my ldap user name and password 
and the home directory mapping is pulled out of ldap.

This error is in my sssd.nss.log file after reboot when I try to log in.
[sssd[nss]] [nss_cmd_getgrgid_callback] (0): No matching domain found 
for [5001], fail!
The interesting thing is that the uid for the user trying to 
authenticate is 5001 so that must be coming back from the ldap server.

Here is what matters in my nsswitch.conf file.
passwd:     files sss
shadow:     files sss
group:      files sss

If I change that to files ldap then getent passwd will return my ldap 
users but then initial boot takes about 10 minutes since the computer 
tries to contact the ldap server during boot up before the ethernet card 
has been brought up.

Here is what matters from my sssd.conf file.
[domain/xxxxxxx] (where xxxxxxx is the domain in ldap)
ldap_id_use_start_tls = True
cache_credentials = True
debug_level = 0
ldap_search_base = dc=nissley,dc=org
chpass_provider = ldap
id_provider = ldap
auth_provider = ldap
cache_credentials = True
min_id = 100
ldap_uri = ldap://192.168.10.7
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_reqcert = allow

I do have an issue with a self signed certificate so that is why I am 
using the ldap_tls_reqcert = allow setting.

Can some on please help me straighten out my network login via ldap 
problem I am having.  I was doing the same network login to the same 
ldap server with Fedora 12 and had no issues at all.  Fedora 13 requires 
tls or ldaps which is where my problems started.  I was not using either 
of them when using Fedora 12.

Thank you.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux