I’ve had so much trouble getting LDAP authentication to work that I’m reverting to NIS.
I’ve set up the NIS server and I’ve got NIS authentication to work just fine in a vm which has openSUSE 13.2 on it and has never been configured for LDAP.
My main workstation has been configured (or at least I attempted to configure it) to use LDAP for authentication and has sssd running. I don’t know if it’s sssd and my failed attempts to get LDAP working that’s causing the problem but trying to log in as a NIS user fails to validate the password with “Authentication service cannot retrieve authentication info”.
Examining the working vm shows sssd as **not** configured whereas the workstation shows sssd as configured even though I’ve deleted the domain I tried to set up.
What can I do to get the workstation showing sssd not configured?
In the end I used journalctl to find out that pam_sssd was the problem so I used grep to find instances in /etc/pam.d and then edited all the pam files on the workstation to match the files in the (working) vm.
common-account -> common-account-pc
common-auth -> common-auth-pc
common-password -> common-password-pc
common-session -> common-session-pc
Not very neat, I know, but it did work.
Following the comment from **LewsTherinTelemon** I re-installed the pam files - yes, I did back them up first - and uninstalled sssd_ldap which is a much neater solution.
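The grep step described in the post above, as an added example that is not part of the original thread: it lists active references to SSSD's PAM module (`pam_sss.so`) in a pam.d directory and shows which `common-*` names are symlinks to the `-pc` files. The function names are hypothetical and the sample tree is constructed so the script runs without touching `/etc/pam.d`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample tree is constructed.

# Print "file:line:text" for every active (uncommented) pam_sss.so entry.
pam_sss_refs() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # common-auth and friends are symlinks to common-*-pc: scan targets only.
        [ -L "$f" ] && continue
        awk -v name="${f##*/}" '
            /^[ \t]*#/    { next }
            /pam_sss\.so/ { printf "%s:%d:%s\n", name, NR, $0 }
        ' "$f"
    done
    return 0
}

# Print each symlink and its target, so the real file to edit is obvious.
pam_links() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -L "$f" ] && printf '%s -> %s\n' "${f##*/}" "$(readlink "$f")"
    done
    return 0
}

# Build a constructed pam.d tree with the symlink layout listed in the post.
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/common-auth-pc" <<'EOF'
auth required   pam_env.so
auth sufficient pam_unix.so try_first_pass
auth required   pam_sss.so use_first_pass
EOF
    cat > "$d/common-account-pc" <<'EOF'
account required pam_unix.so
# account required pam_sss.so
EOF
    ln -s common-auth-pc "$d/common-auth"
    ln -s common-account-pc "$d/common-account"
    printf '%s\n' "$d"
}

sample=$(make_sample)
pam_sss_refs "$sample"
pam_links "$sample"
rm -rf "$sample"
```

Run against the real directory with `pam_sss_refs /etc/pam.d`; an empty result means no active PAM stack still calls the SSSD module.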
I have been using LDAP here for years. Only tried to use SSSD once. When I saw that you could not configure which branches to use in LDAP for passwd shadow group hosts, I switched back to normal LDAP.
If you still wish to use LDAP I can help you set it up.
You will need to install nss_ldap and pam_ldap. You will have to configure manually as the YaST GUI stopped supporting this around 11.4 I think.
Thanks for your time & input. I had LDAP authentication working just fine under 13.1 using the YaST ldap_client module which has been dropped from 13.2 for some reason. I had to rebuild the workstation after a HDD died so I was re-installing 13.2 from scratch (rather than just an upgrade as before) and just couldn’t get it to work. I could get the LDAP browser to connect fine, just no authentication.
I originally started using LDAP to learn about it and up the old skill set. Now that I’m a retired geriatric, the skill set is moot and I just want to get something to work ;).
I’m running a small mixed home system and NIS will be fine for the *nix boxes and I can use Samba for the Windoze stuff so I’ll give up on LDAP and live with NIS.
You are welcome. I would agree that for home use NIS would be enough and not as difficult to set up. The yast2 package was not dropped in 13.2; it was renamed to yast-auth-client and yast-auth-server.
I do wish that YaST2 would have better LDAP support, like creating the Base DN when it creates the database. If it was not for phpldapadmin I might not be using LDAP today. On first use it said that there was not a base DN, do you want me to create it?