[Samba] sssd configuration
Dr. Lars Hanke
lars at lhanke.de
Tue Sep 16 03:39:23 MDT 2014
On 16.09.2014 09:19, Karel Lang AFD wrote:
> I'm not completely sure if this is related to your problem, but when I
> was configuring sssd.conf to look for information at 389 directory
> server I had a problem with the 'id' command not showing the supplementary
> groups of the user.
> Problem was in combination of 'ldap_schema' and 'ldap_group_member'.
> The 'id' command got working properly when i used combination of:
> ldap_schema = rfc2307 with ldap_group_member = memberUID
> ldap_schema = rfc2307bis with ldap_group_member = uniquemember
> Other combinations were failures
> Might that have any influence?
I won't exclude that such mapping issues may cause what I see, but at
least I know there are neither uniqueMember nor memberUID fields in the
LDAP. Also, it can name the user for PAM and it figures out all groups
it is a member of. So a mapping issue at least doesn't sound like the
first place to look.
But this is what I hate with all those authentication systems: a lot of
obscure errors don't produce any error message and another lot produces
useless error messages like 'generic authentication failure'. From that
perspective sssd debug options are really commendable, but apparently
still not adequately explanatory.