On Mon, May 10, 2010 at 12:05 PM, Nalin Dahyabhai wrote:
> On Thu, May 06, 2010 at 02:59:59PM -0700, David L wrote:
>> I'm trying to authenticate with ldap on f13 using the same ldap.conf I'm using
>> successfully on f12. But it doesn't like my password and I see a message like
>> this in /var/log/secure:
>>
>> May 6 14:37:22 empire su: pam_sss(su:auth): received for user foo: 10
>> (User not known to the underlying authentication module)
>
> The pam_sss module is part of SSSD, which doesn't use /etc/ldap.conf.
> The SSSD service is configured in /etc/sssd/sssd.conf, and I think in
> F13, it's used when you configure the system to use LDAP.
>
> Other than dropping ldap.conf in place, how did you configure the
> system? Did you choose LDAP during installation, run
> system-config-authentication afterward, or something else?

When I upgrade between fedora releases, I usually install with only local
users, then run system-config-authentication and select "Enable LDAP support"
on the "User Information" tab and on the "Authentication" tab and then click
"OK". Then I just copy the old /etc/ldap.conf from the previous release over
the one in /etc on the new release. I do this because the "Configure LDAP" gui
doesn't have enough functionality to create the ldap.conf that my sys admin
set up for an old version of fedora (like fc6).

This procedure has worked fine until recent releases. f13 seems to have
changed more with respect to authentication than other releases though... for
example, the system-config-authentication GUI no longer has the same tabs and
it gives error messages under certain conditions if TLS is not used to encrypt
connections. On f12, I have the "Use TLS to encrypt connections" unchecked and
the "LDAP Server" starts with "ldap://", not "ldaps://", but IIRC, f13 gives
an error message given the same configuration in the gui.

What do I need to do to migrate the ldap.conf settings that I posted in the
first messages of this thread to get ldap authentication working in f13?

Thanks,
David