search for: ldap_id_use_start_tls

...s. my sssd configuation is bellow [sssd] config_file_version = 2 domains = xxx.xxx services = nss, pam debug_level = 5 [nss] [pam] [domain/xxx.xx] ldap_referrals = false enumerate = true id_provider = ldap #access_provider = ldap auth_provider = ldap ldap_uri = ldap://xxx-DC-A.xxx.xxx:389 ldap_id_use_start_tls = False ldap_auth_disable_tls_never_use_in_production = true ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx ldap_default_authtok_type = password ldap_default_authtok = xxxxxxxx ldap_schema = rfc2307bis ldap_user_search_base = dc=xx,dc=xx ldap_user_object_class = user ldap_user_home_di...

...umerate = false cache_credentials = True id_provider = ldap auth_provider = krb5 chpass_provider = krb5 krb5_realm = HH3.SITE krb5_server = hh16.hh3.site krb5_kpasswd = hh16.hh3.site ldap_uri = ldap://hh16.hh3.site/ ldap_search_base = dc=hh3,dc=site ldap_tls_cacertdir = /usr/local/samba/private/tls ldap_id_use_start_tls = False ldap_default_bind_dn = cn=lynn2,cn=Users,dc=hh3,dc=site ldap_default_authtok = xx ldap_default_authtok_type = password ldap_user_object_class = person ldap_user_name = samAccountName ldap_user_uid_number = uidNumber ldap_user_gid_number = gidNumber ldap_user_home_directory = unixHomeDirecto...

...> > > > [pam] > > > > > > [domain/xxx.xx] > > ldap_referrals = false > > enumerate = true > > > > id_provider = ldap > > #access_provider = ldap > > auth_provider = ldap > > ldap_uri = ldap://xxx-DC-A.xxx.xxx:389 > > ldap_id_use_start_tls = False > > ldap_auth_disable_tls_never_use_in_production = true > > ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx > > ldap_default_authtok_type = password > > ldap_default_authtok = xxxxxxxx > > > > ldap_schema = rfc2307bis > > > > lda...

...fig_file_version = 2 services = nss, pam, autofs domains = default [nss] filter_groups = root filter_users = root [pam] [domain/default] ldap_uri = ldap://ldap.mydomain.tld ldap_search_base = o=XXX ldap_schema = rfc2307bis id_provider = ldap ldap_user_uuid = entryuuid ldap_group_uuid = entryuuid ldap_id_use_start_tls = True enumerate = False cache_credentials = False ldap_tls_cacertdir = /etc/ssl/certs chpass_provider = ldap auth_provider = ldap ldap_tls_reqcert = never ldap_user_search_base = ou=YYY,o=XXX ldap_group_search_base = ou=YYY,o=XXX access_provider = ldap ldap_access_order = host ldap_user_authorize...

...0x0270 [domain/ADA.DE <http://ada.de/>] enumerate = true cache_credentials = True krb5_realm = ADA.DE <http://ada.de/> ldap_search_base = dc=ada,dc=de krb5_server = ad01.ada.de, ad02.ada.de id_provider = ad auth_provider = ad ldap_uri = ldap://ad01.ada.de:389/, ldap://ad02.ada.de:389/ ldap_id_use_start_tls = True ldap_tls_cacertdir = /etc/openldap/cacerts debug_level = 0x0270 [nss] homedir_substring = /home debug_level = 0x0270 [pam] debug_level = 0x0270 [sudo] debug_level = 0x0270 [autofs] debug_level = 0x0270 [ssh] debug_level = 0x0270 [pac] debug_level = 0x0270 [ifp] debug_level = 0x0270 [...

...R /etc/ssl/certs > SASL_NOCANON on > > My /etc/sssd/sssd.conf: > [domain/default] > ldap_uri = ldap://myldapserver.com/ > ldap_search_base = ou=YYY,o=XXX > ldap_schema = rfc2307bis > id_provider = ldap > ldap_user_uuid = entryuuid > ldap_group_uuid = entryuuid > ldap_id_use_start_tls = True > enumerate = False > cache_credentials = False > ldap_tls_cacertdir = /etc/openldap/cacerts/ > chpass_provider = ldap > auth_provider = ldap > ldap_tls_reqcert = never > ldap_user_search_base = ou=YYY,o=XXX > access_provider = ldap > ldap_access_order = host >...

...gt; [domain/xxx.xx] >>>> ldap_referrals = false >>>> enumerate = true >>>> >>>> id_provider = ldap >>>> #access_provider = ldap >>>> auth_provider = ldap >>>> ldap_uri = ldap://xxx-DC-A.xxx.xxx:389 >>>> ldap_id_use_start_tls = False >>>> ldap_auth_disable_tls_never_use_in_production = true >>>> ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx >>>> ldap_default_authtok_type = password >>>> ldap_default_authtok = xxxxxxxx >>>> >>>> ldap_sc...

On 05/09/2015 01:24 PM, Jonathan Billings wrote: > Is it normal to have pam_unix and pam_sss twice for each each section? No. See my previous message. I think it's the result of copying portions of SuSE configurations.

...for name service or authentication. Mostly just the openldap tools (ldapsearch, ldapadd, ldapmodify). > The sssd.conf is this: ... > [nss] > filter_groups = root > filter_users = root nitpick: those are the defaults. Probably don't need to set them. > [domain/default] > ldap_id_use_start_tls = True > ldap_tls_cacertdir = /etc/ssl/certs > ldap_tls_reqcert = never Not sure about that setting. "allow" is probably what you want if you're using starttls. > access_provider = ldap > ldap_access_order = host > ldap_user_authorized_host = host ... > When i st...

...ices = nss, pam > debug_level = 5 > > > [nss] > > > [pam] > > > [domain/xxx.xx] > ldap_referrals = false > enumerate = true > > id_provider = ldap > #access_provider = ldap > auth_provider = ldap > ldap_uri = ldap://xxx-DC-A.xxx.xxx:389 > ldap_id_use_start_tls = False > ldap_auth_disable_tls_never_use_in_production = true > ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx > ldap_default_authtok_type = password > ldap_default_authtok = xxxxxxxx > > ldap_schema = rfc2307bis > > ldap_user_search_base = dc=xx,dc=xx > ld...

Hi all, On a C6 box, when I want to enable LDAP authentication, I issue: # yum -y install nss-pam-ldapd pam_ldap nscd # authconfig --enableldap --enableldapauth --enablemkhomedir \ --ldapserver=ldap://ldap-blabla/ \ --ldapbasedn="blabla" \ --enablecache --disablefingerprint \ --kickstart --update All is working fine, the directory structure is fine and compliant.

On 05/05/2015 06:47 PM, Gordon Messmer wrote: > On 05/05/2015 03:02 AM, Ulrich Hiller wrote: >> /etc/openldap/ldap.conf contains the line: >> ------------------------------------------ >> pam_check_host_attr yes > > /etc/openldap/ldap.conf is the configuration file for openldap clients. > It is not used for system authentication or name service. > >>

...;] > enumerate = true > cache_credentials = True > krb5_realm = ADA.DE <http://ada.de/> > ldap_search_base = dc=ada,dc=de > krb5_server = ad01.ada.de, ad02.ada.de > id_provider = ad > auth_provider = ad > ldap_uri = ldap://ad01.ada.de:389/, ldap://ad02.ada.de:389/ > ldap_id_use_start_tls = True > ldap_tls_cacertdir = /etc/openldap/cacerts > debug_level = 0x0270 > > [nss] > homedir_substring = /home > debug_level = 0x0270 > > [pam] > debug_level = 0x0270 > > [sudo] > debug_level = 0x0270 > > [autofs] > debug_level = 0x0270 > >...

...> > > > [domain/xxx.xx] > > > ldap_referrals = false > > > enumerate = true > > > > > > id_provider = ldap > > > #access_provider = ldap > > > auth_provider = ldap > > > ldap_uri = ldap://xxx-DC-A.xxx.xxx:389 > > > ldap_id_use_start_tls = False > > > ldap_auth_disable_tls_never_use_in_production = true > > > ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx > > > ldap_default_authtok_type = password > > > ldap_default_authtok = xxxxxxxx > > > > > > ldap_schema = rfc230...

Hi, I'm planing to setup a new samba fileserver as a member to an existing samba 3.x SMB. The old server is still nss-pam-ldapd configured (historic left overs). As I dont have any pressure to have the new server up and running within the next few hours, I liked to set up sssd with our existing openldap. After googling and reading some documentations from redhat/fedora I think I do have a

...f: BASE o=XXX URI ldap://myldapserver.com/ TLS_CACERTDIR /etc/ssl/certs SASL_NOCANON on My /etc/sssd/sssd.conf: [domain/default] ldap_uri = ldap://myldapserver.com/ ldap_search_base = ou=YYY,o=XXX ldap_schema = rfc2307bis id_provider = ldap ldap_user_uuid = entryuuid ldap_group_uuid = entryuuid ldap_id_use_start_tls = True enumerate = False cache_credentials = False ldap_tls_cacertdir = /etc/openldap/cacerts/ chpass_provider = ldap auth_provider = ldap ldap_tls_reqcert = never ldap_user_search_base = ou=YYY,o=XXX access_provider = ldap ldap_access_order = host ldap_user_authorized_host = host autofs_provider =...

...R /etc/ssl/certs > SASL_NOCANON on > > My /etc/sssd/sssd.conf: > [domain/default] > ldap_uri = ldap://myldapserver.com/ > ldap_search_base = ou=YYY,o=XXX > ldap_schema = rfc2307bis > id_provider = ldap > ldap_user_uuid = entryuuid > ldap_group_uuid = entryuuid > ldap_id_use_start_tls = True > enumerate = False > cache_credentials = False > ldap_tls_cacertdir = /etc/openldap/cacerts/ chpass_provider = ldap > auth_provider = ldap ldap_tls_reqcert = never ldap_user_search_base = > ou=YYY,o=XXX access_provider = ldap ldap_access_order = host > ldap_user_authori...

...ains" attribute below and uncomment it. # domains = LDAP [nss] filter_groups = root filter_users = root [pam] [domain/default] ldap_uri = ldap://myldapserver.mydomain ldap_search_base = o=XXXX ldap_schema = rfc2307bis id_provider = ldap ldap_user_uuid = entryuuid ldap_group_uuid = entryuuid ldap_id_use_start_tls = True enumerate = False cache_credentials = False ldap_tls_cacertdir = /etc/openldap/cacerts/ chpass_provider = ldap auth_provider = ldap ldap_tls_reqcert = never ldap_user_search_base = ou=YYYY,o=XXXX ldap_group_search_base = ou=YYYY,o=XXXX access_provider = ldap ldap_access_filter = memberOf=ou...

...tofs_provider = ldap cache_credentials = True krb5_realm = # ldap_search_base = ou=Main,o=company id_provider = ldap auth_provider = ldap chpass_provider = ldap ldap_uri = ldap://ldap.our.domain/ ldap_group_search_base = ou=Group,ou=Main,o=company ldap_user_search_base = ou=People,ou=Main,o=company ldap_id_use_start_tls = False ldap_tls_cacertdir = /etc/openldap/cacerts ldap_tls_reqcert = allow #debug_level = 4 refresh_expired_interval = 120 enumerate = True ldap_referrals = False [sssd] services = nss, pam, autofs config_file_version = 2 domains = default [nss] homedir_substring = /home entry_cache_timeout = 540...

..._credentials = True > > krb5_realm = ADA.DE <http://ada.de/> > > ldap_search_base = dc=ada,dc=de > > krb5_server = ad01.ada.de, ad02.ada.de > > id_provider = ad > > auth_provider = ad > > ldap_uri = ldap://ad01.ada.de:389/, ldap://ad02.ada.de:389/ > > ldap_id_use_start_tls = True > > ldap_tls_cacertdir = /etc/openldap/cacerts > > debug_level = 0x0270 > > > > [nss] > > homedir_substring = /home > > debug_level = 0x0270 > > > > [pam] > > debug_level = 0x0270 > > > > [sudo] > > debug_level = 0x0270...