Hello!
One more question about Kerberos + LDAP
I have a working connection to LDAP via Kerberos:
# ldapsearch -H ldaps://plhqsrldap01 -b dc=testit,dc=pl
SASL/GSSAPI authentication started
SASL username: test@TESTIT.PL
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=testit,dc=pl> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# testit.pl
dn: dc=testit,dc=pl
dc: testit
o: testit
objectClass: organization
objectClass: dcObject
# users, testit.pl
dn: ou=users,dc=testit,dc=pl
objectClass: top
objectClass: organizationalUnit
ou: users
description: Uzytkownicy
# akow, users, testit.pl
dn: cn=akow,ou=users,dc=testit,dc=pl
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
givenName: Andrzej
sn: Kowalski
cn: akow
# test, users, testit.pl
dn: cn=test,ou=users,dc=testit,dc=pl
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
givenName: Teeee
sn: Sttt
cn: test
uid: test
# search result
search: 5
result: 0 Success
# numResponses: 5
# numEntries: 4
When I run ldapwhoami on the client, I see:
# ldapwhoami -H ldaps://plhqsrldap01
SASL/GSSAPI authentication started
SASL username: test@TESTIT.PL
SASL SSF: 56
SASL data security layer installed.
dn:uid=test,cn=gssapi,cn=auth
The next step in the doc (chapter) is to configure the LDAP mapping:
access to dn="*,ou=users,dc=testit,dc=pl" attrs=logonShell
by self write
authz-regexp
uid=(.*),cn=GSSAPI,cn=auth
uid=$1,ou=users,dc=testit,dc=pl
The client YaST configuration looks like this:
LK.png: http://imageupload.org/?d=396A791B1 (thumbnail: http://imageupload.org/thumb/thumb_165428.png)
LK2.png: http://imageupload.org/?d=7F4B77081 (thumbnail: http://imageupload.org/thumb/thumb_165430.png)
When I try to log in to the system, it fails and I see this error in /var/log/messages:
Jan 18 14:07:40 linux-5k5p login[4371]: pam_sss(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=test
Jan 18 14:07:40 linux-5k5p login[4371]: pam_sss(login:auth): received for user test: 10 (User not known to the underlying authentication module)
Jan 18 14:07:40 linux-5k5p login[4371]: FAILED LOGIN SESSION FROM /dev/tty1 FOR UNKNOWN, User not known to the underlying authentication module
What can be wrong in my configuration?
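As an added example (not part of the post above and not OpenLDAP's own code), the following Python script models how a slapd authz-regexp rule turns the SASL identity that ldapwhoami printed into an authorization DN, and then checks that DN against the entries from the ldapsearch output quoted in the post. The sample LDIF and the SASL identity are copied from the post; the second rule set, which uses an LDAP-URL replacement so that slapd searches for the entry by attribute instead of building the DN by string substitution, is an assumed alternative shape included to show both forms the directive accepts. The LDIF parser, the URL resolver (only a single equality filter is modelled) and the case-insensitive regexp matching are simplifications of what slapd does, not its implementation.

```python
import re
from urllib.parse import unquote

# Constructed sample data: the entries from the ldapsearch output in the post
# (only dn/dc/ou/cn/uid kept) and the SASL identity that ldapwhoami printed.
SAMPLE_LDIF = """\
# testit.pl
dn: dc=testit,dc=pl
dc: testit

dn: ou=users,dc=testit,dc=pl
ou: users

dn: cn=akow,ou=users,dc=testit,dc=pl
cn: akow

dn: cn=test,ou=users,dc=testit,dc=pl
cn: test
uid: test
"""
SASL_AUTHZID = "uid=test,cn=gssapi,cn=auth"

# The authz-regexp pair quoted in the post (plain-DN replacement form).
RULES_DN_FORM = [(r"uid=(.*),cn=GSSAPI,cn=auth", "uid=$1,ou=users,dc=testit,dc=pl")]
# Assumed alternative: same match, LDAP-URL replacement, so the entry is looked
# up by attribute under ou=users instead of having its DN composed textually.
RULES_URL_FORM = [(r"uid=(.*),cn=GSSAPI,cn=auth",
                   "ldap:///ou=users,dc=testit,dc=pl??one?(uid=$1)")]


def parse_ldif(ldif):
    """Split LDIF text into entries {attr_lowercase: [values]}; '#' lines are skipped.
    Line folding and base64 values are not handled (not needed for the sample)."""
    entries, cur = [], {}
    for line in ldif.splitlines():
        if line.startswith("#"):
            continue
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, _, value = line.partition(":")
        cur.setdefault(attr.strip().lower(), []).append(value.strip())
    if cur:
        entries.append(cur)
    return entries


def norm_dn(dn):
    """Comparison key: RDNs lower-cased with surrounding whitespace removed."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))


def apply_authz_regexp(authzid, rules):
    """First matching rule wins; $N in the replacement is the N-th capture group.
    Matching is assumed case-insensitive (hence 'cn=gssapi' matches 'cn=GSSAPI')."""
    for pattern, template in rules:
        m = re.search(pattern, authzid, re.IGNORECASE)
        if m:
            return re.sub(r"\$(\d+)", lambda g: m.group(int(g.group(1))), template)
    return None


def entry_exists(dn, entries):
    """True if an entry with exactly this DN is in the parsed directory sample."""
    key = norm_dn(dn)
    return any(norm_dn(e["dn"][0]) == key for e in entries)


def resolve_ldap_url(url, entries):
    """Simplified model of the URL replacement: ldap:///<base>?<attrs>?<scope>?<filter>.
    Only a single equality filter of the form (attr=value) is supported."""
    base, _attrs, scope, filt = (unquote(url[len("ldap:///"):]).split("?") + [""] * 4)[:4]
    scope = scope or "base"
    m = re.fullmatch(r"\((\w+)=(.*)\)", filt)
    if not m:
        raise ValueError("unsupported filter: %r" % filt)
    attr, wanted = m.group(1).lower(), m.group(2).lower()
    base_key, hits = norm_dn(base), []
    for e in entries:
        dn_key = norm_dn(e["dn"][0])
        parent = dn_key.partition(",")[2]
        in_scope = (
            dn_key == base_key if scope == "base"
            else parent == base_key if scope == "one"
            else dn_key == base_key or dn_key.endswith("," + base_key)
        )
        if in_scope and any(v.lower() == wanted for v in e.get(attr, [])):
            hits.append(e["dn"][0])
    return hits


def sasl_to_dn(authzid, rules, entries):
    """Authorization DN for a SASL identity: a plain-DN replacement is returned as
    built (no existence check in this model); a URL replacement must hit exactly one entry."""
    target = apply_authz_regexp(authzid, rules)
    if target is None:
        return None
    if target.lower().startswith("ldap:///"):
        hits = resolve_ldap_url(target, entries)
        return hits[0] if len(hits) == 1 else None
    return target


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for rules in (RULES_DN_FORM, RULES_URL_FORM):
        dn = sasl_to_dn(SASL_AUTHZID, rules, entries)
        present = bool(dn and entry_exists(dn, entries))
        print("%s -> %s | entry present: %s" % (rules[0][1], dn, present))
```

Running the script prints the DN each rule produces for uid=test,cn=gssapi,cn=auth and whether that DN is one of the entries the ldapsearch returned, which is the quickest way to confirm that an authz-regexp mapping lands on a real entry before testing a login through pam_sss.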