login to Suse via LDAP + Kerberos

Hello!

One more question about Kerberos + LDAP :wink:

I have a working connection to LDAP via Kerberos:


# ldapsearch -H ldaps://plhqsrldap01 -b dc=testit,dc=pl
SASL/GSSAPI authentication started
SASL username: test@TESTIT.PL
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=testit,dc=pl> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# testit.pl
dn: dc=testit,dc=pl
dc: testit
o: testit
objectClass: organization
objectClass: dcObject

# users, testit.pl
dn: ou=users,dc=testit,dc=pl
objectClass: top
objectClass: organizationalUnit
ou: users
description: Uzytkownicy

# akow, users, testit.pl
dn: cn=akow,ou=users,dc=testit,dc=pl
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
givenName: Andrzej
sn: Kowalski
cn: akow

# test, users, testit.pl
dn: cn=test,ou=users,dc=testit,dc=pl
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
givenName: Teeee
sn: Sttt
cn: test
uid: test

# search result
search: 5
result: 0 Success

# numResponses: 5
# numEntries: 4


When I do ldapwhoami on the client, I see:


# ldapwhoami -H ldaps://plhqsrldap01
SASL/GSSAPI authentication started
SASL username: test@TESTIT.PL
SASL SSF: 56
SASL data security layer installed.
dn:uid=test,cn=gssapi,cn=auth


The next step in the doc (Chapter) is to configure the LDAP mapping:


access to dn="*,ou=users,dc=testit,dc=pl" attrs=logonShell
        by self write


authz-regexp
        uid=(.*),cn=GSSAPI,cn=auth
        uid=$1,ou=users,dc=testit,dc=pl


The client YaST configuration looks like this:
LK.png: http://imageupload.org/?d=396A791B1
LK2.png: http://imageupload.org/?d=7F4B77081

When I try to log in to the system, it fails and I see this error in /var/log/messages:


Jan 18 14:07:40 linux-5k5p login[4371]: pam_sss(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=test
Jan 18 14:07:40 linux-5k5p login[4371]: pam_sss(login:auth): received for user test: 10 (User not known to the underlying authentication module)
Jan 18 14:07:40 linux-5k5p login[4371]: FAILED LOGIN SESSION FROM /dev/tty1 FOR UNKNOWN, User not known to the underlying authentication module

What can be wrong in my configuration?
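
The authz-regexp rule quoted in the post rewrites the SASL identity reported by ldapwhoami into a directory DN. The following is an added example, not part of the original post: it applies that rule to the identity shown and checks whether the resulting DN is one of the entries in the ldapsearch output. The function names are hypothetical, and the `$1` substitution and case-insensitive, unanchored matching are modelled with Python's `re` as an assumption about how slapd evaluates the rule.

```python
import re

# authz-regexp rule from the post: (match pattern, replacement template)
RULE = (r"uid=(.*),cn=GSSAPI,cn=auth", "uid=$1,ou=users,dc=testit,dc=pl")

# DNs copied from the ldapsearch output in the post
DIRECTORY_DNS = [
    "dc=testit,dc=pl",
    "ou=users,dc=testit,dc=pl",
    "cn=akow,ou=users,dc=testit,dc=pl",
    "cn=test,ou=users,dc=testit,dc=pl",
]


def normalize_dn(dn):
    """Lower-case a DN and trim spaces around its RDNs (simple DNs only, no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def map_sasl_identity(sasl_dn, rule=RULE):
    """Apply one authz-regexp rule; return the rewritten DN, or None if the pattern does not match."""
    pattern, template = rule
    # Assumption: the match is unanchored and case-insensitive
    m = re.search(pattern, sasl_dn, flags=re.IGNORECASE)
    if m is None:
        return None
    # Back-references are written $1..$9 in the template; substitute them by hand
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), template)


def check_mapping(sasl_dn):
    """Return (mapped_dn, exists): whether the rewritten DN is an entry in DIRECTORY_DNS."""
    mapped = map_sasl_identity(sasl_dn)
    if mapped is None:
        return (None, False)
    known = {normalize_dn(d) for d in DIRECTORY_DNS}
    return (mapped, normalize_dn(mapped) in known)


if __name__ == "__main__":
    identity = "uid=test,cn=gssapi,cn=auth"  # from the ldapwhoami output in the post
    mapped, exists = check_mapping(identity)
    print(f"{identity} -> {mapped} (entry exists: {exists})")
```

For the identity in the post the rule produces `uid=test,ou=users,dc=testit,dc=pl`, while the entry listed by ldapsearch is `cn=test,ou=users,dc=testit,dc=pl`.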