yast: "authentication client" missing

hello suse-friends,

after freshly installing opensuse leap 42.2, i wanted to setup an ldap client using yast according to the instructions given here:

https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.security.auth.html#sec.security.auth.yast.client

it says:

Start the module by selecting Network Services › Authentication Client.
i found the yast module Authentication Server, but not the client module - not even in the software repository.

i didn’t find the dailog shown in Figure 4.6: Authentication Client Configuration either.

what can i do?

best regards

frank

If you insist on GUI tool only, then you can use “Network Services >> User Logon Management” tool.
or else, directly open “/etc/sssd/sssd.conf” and edit the file Manually & restart sssd service.

Personally I found first option is bit complicated.

If you just added a new YaST module,
You will likely have to close YaST and re-open.
For a service, YMMV so I’d recommend the same when adding a service (And if I know the service name, I usually start it up using the systemd command instead)

TSU

There is yast2-auth-client package; if it is installed, go to Network Services - User Logon Management. It is organized a bit differently, but it contains mostly the same information as you have found in documentation.

srivathsaacharya, tsu2 and arvidjaar thank you all!

i finally completed my task.

to setup legacy (not the new sssd style) ldap authentication perform the following steps:

  1. install sssd
    a fresh installed opensuse lacks that package and it isn’t installed automatically, when the user enters the yast sssd module. in my eyes the latter is a bug.
  2. execute: yast2 > network services > ldap and kerberos client

info:
if you execute: “yast2 > network services > user logon management” instead, the same panel is presented, but a) with different panel title and b) a different behaviour when pressing the button “change settings”. that GUI design confuses me and other users.

  1. press button “change settings”
  2. fill the form

allow ldap users ...: yes
cache ldap entries ...: yes
hostname ...: my-ldap-server.example.org
dn of search ...: dc=example,dc=org
dn of bind: {empty}
passord of bind ...: {empty}
rfc2307bis: no (not shure about that, but works with my SLES 11.3 ldap server)
leave connections open ...: yes
secure communication: no security (well, not recommended but otherwise you must setup security / certificates)
  1. press button “test connection”
    should give a positive feedback
  2. press button “OK”
  3. reboot

ending:

yes, i insist on yast, because of yast i’m using SUSE since 1995 (my mother since 12 years, my partners mother since 2 years) and i’m buying SLES and not redhat, ubuntu or some other distribution.

i know: you are not to blame for that difference. but the suse people should keep yast and its documentation synchronised.

again: thank you all cordially for your help.

enjoy SUSE :slight_smile:
frank

roell_f,

Hello and maybe I can help.

Firstly I understand your confusion concerning the YaST User Logon Management module. I am collaborating with the YaST developer to improve usability. It’ a great team and I have no doubt usability will improve.

That said the YaST User Logon Management module can still be launched with the following command:

~# yast auth-client

Invoking it will install the SSSD and the pam_sss module.

The LDAP and Kerberos client with the following command:

~# yast ldapkrb

Invoking it will install the pam_ldap and pam_krb5 modules.

For what it is worth I prefer the SSSD, obviously :slight_smile: , but I understand it is not for everybody initially until they understand it. The SSSD can do everythig the LDAP and Kerberos clients can do and more. Including but not limited to service discovery, increased authentication feature sets, and offline authentication. However it is not always required and if someone is more comfortable with the pam_ldap and pam_krb5 modules they should of course use them happily.

However if you would like some help deploying the SSSD against your environment I would be glad to help.

– lawrence

openSUSE YaST makes heavy use of “Patterns”:
For example: in the YaST Software Management, there’s a selection named “Schemes” with a section “Directory Server (LDAP)”.
Within that Scheme, there’s a package named “patterns-openSUSE-directory_server”.
Simply install the Pattern package and, all the necessary packages for the task will be auto-magically installed.