Hi,
I'm having an authentication problem on my CentOS 6.3 server, which has LDAP (openldap-2.4.23-26) and SSSD (sssd-1.8.0-32) installed.
The LDAP server itself is working fine, but the LDAP + SSSD integration has a problem: users cannot authenticate on the server.
Can anyone help me identify the problem?
I've reviewed all the configuration and found nothing wrong.
::::: slapd.conf :::::
# Schema files loaded by this slapd instance.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
# Accepts LDAPv2 bind requests. This is only needed for legacy clients; remove it
# if no v2 client remains.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
# CA certificate, server certificate and private key used for TLS. The key file
# should be readable only by the account slapd runs as.
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateFile /etc/openldap/servercrt.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
# NOTE(review): this ACL appears before the first "database" line, so it acts as
# the global default. The clauses are matched in order: the entry owner gets
# write, any other authenticated user gets only "auth", and unauthenticated
# clients get "read" on every attribute, userPassword hashes included.
# A dedicated rule placed ahead of this one, for example
#   access to attrs=userPassword by self write by anonymous auth by * none
# keeps password hashes out of anonymous searches.
# In the real file the "by" clauses must begin with whitespace to be parsed as
# continuation lines; the indentation was presumably lost in this paste.
access to *
by self write
by users auth
by anonymous read
# Primary directory database (Berkeley DB backend) serving the suffix below.
database bdb
suffix "dc=domain,dc=com,dc=br"
checkpoint 1024 15
# The rootdn is not subject to the ACLs of its database. rootpw is redacted in
# this post; slapd also accepts a hashed value here (generated with slappasswd),
# which avoids keeping the cleartext password in the file.
rootdn "cn=Manager,dc=domain,dc=com,dc=br"
rootpw xxxxxxxxxx
# Non-default data directory; it should be owned by the slapd account and not
# readable by other users -- TODO confirm ownership and mode on the host.
directory /database/ldap
# Attribute indexes for the bdb database.
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
database monitor
# 768 = 256 (stats) + 512 (stats2): per-connection and per-operation logging,
# which is what produces the conn=/op= lines in syslog.
loglevel 768
::::: sssd.conf :::::
# Global SSSD section: enables the NSS and PAM responders and a single domain
# named "default".
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default
[nss]
# root is never looked up through SSSD, so the local root account cannot be
# shadowed by a directory entry.
filter_groups = root
filter_users = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
# Verbose troubleshooting level; lower it once the problem is found.
debug_level = 8
[domain/default]
# NOTE(review): "never" means the LDAP server certificate is not requested or
# checked, so TLS gives no protection against a server impersonating the
# directory. Prefer "demand" together with a CA bundle that validates the
# server certificate.
ldap_tls_reqcert = never
# The LDAP auth provider sends the user's password in a bind and SSSD does not
# perform that bind over an unencrypted channel; with an ldap:// URI this relies
# on StartTLS working on the slapd side.
auth_provider = ldap
# Identity lookups (id_provider) are done without StartTLS; this setting does not
# remove the encryption requirement for authentication.
ldap_id_use_start_tls = False
chpass_provider = ldap
# Keeps a salted hash of each user's password in the local cache to allow
# offline logins.
cache_credentials = True
debug_timestamps = True
# "password" means ldap_default_authtok below is stored in cleartext.
ldap_default_authtok_type = password
ldap_search_base = dc=domain,dc=com,dc=br
# Very verbose troubleshooting level; lower it once the problem is found.
debug_level = 9
id_provider = ldap
# NOTE(review): this is the slapd rootdn shown in the posted slapd.conf. SSSD
# only needs read access for lookups; binding as the rootdn places the directory
# administrator password on every client and is not limited by ACLs. Use a
# dedicated read-only bind account instead.
ldap_default_bind_dn = cn=Manager,dc=domain,dc=com,dc=br
# Accounts with a UID below this value are ignored by the domain.
min_id = 100
ldap_uri = ldap://localhost/
# Cleartext bind password (redacted in this post). sssd.conf must be owned by
# root with mode 0600.
ldap_default_authtok = xxxxxxxxxx
# Directory of CA certificates; it has no effect on verification while
# ldap_tls_reqcert is "never".
ldap_tls_cacertdir = /etc/openldap/cacerts
:::: nsswitch.conf :::::
# Account databases: local files are consulted first, then SSSD ("sss"). Because
# "files" comes first, a local account always takes precedence over a directory
# entry with the same name.
passwd: files sss
shadow: files sss
group: files sss
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files sss
publickey: nisplus
# NOTE(review): automount uses the "ldap" source rather than "sss", unlike the
# account maps above -- confirm this is intended.
automount: files ldap
aliases: files nisplus
LOG:
Feb 18 14:50:01 primario slapd[16064]: conn=1119 op=185 SRCH base="dc=domain,dc=com,dc=br" scope=2 deref=0 filter="(&(uid=cristiane)(objectClass=posixAccount))"
Feb 18 14:50:01 primario slapd[16064]: conn=1119 op=185 SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdAttribute authorizedService accountExpires userAccountControl nsAccountLock host loginDisabled loginExpirationTime loginAllowedTimeMap
Feb 18 14:50:01 primario slapd[16064]: conn=1119 op=185 SEARCH RESULT tag=101 err=32 nentries=0 text=
Thanks
Cristiane