Difference between revisions of "SSSD"
From Nuclear Physics Group Documentation Pages
Line 1: | Line 1: | ||
+ | Starting with CentOS6, remote account login authentication is performed using SSSD. Configuring SSSD to authenticate to an LDAP server can be tricky, but the following instructions work perfectly. | ||
+ | |||
== Configuring SSSD == | == Configuring SSSD == | ||
− | |||
− | |||
− | + | # Make sure the proper packages are installed | |
+ | yum install sssd libsss_sudo | ||
+ | # Use authconfig to enable the proper settings to allow authentication via SSSD | ||
+ | authconfig --enablesssd --enablesssdauth --enablelocauthorize --update | ||
− | + | # Modify /etc/sssd/sssd.conf to reflect the following settings: | |
[sssd] | [sssd] | ||
Line 34: | Line 37: | ||
− | + | # Modify /etc/nsswitch.conf to reflect the following settings: | |
passwd files sss | passwd files sss | ||
Line 42: | Line 45: | ||
− | + | # Restart the sssd service to enable changes: | |
+ | |||
+ | service sssd restart | ||
+ | |||
+ | 6. To test the configuration, try requesting user information: | ||
− | + | id <username> |
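Review bot: the added test step is numbered by hand as "6." while every other step in this diff uses the "#" list marker, so the numbering goes stale as soon as a step is added or removed above it. Write it as "# To test the configuration, try requesting user information:" like the other steps. If the hand-written number was a workaround for the list restarting after each command line, fix that in the markup by keeping the command lines inside their list items.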
Revision as of 15:04, 9 August 2013
Starting with CentOS 6, remote account login authentication is performed using SSSD. Configuring SSSD to authenticate against an LDAP server can be tricky, but the following instructions work perfectly.
Configuring SSSD
- Make sure the proper packages are installed
yum install sssd libsss_sudo
- Use authconfig to enable the proper settings to allow authentication via SSSD
authconfig --enablesssd --enablesssdauth --enablelocauthorize --update
- Modify /etc/sssd/sssd.conf to reflect the following settings:
[sssd]
config_file_version = 2
services = nss, pam
domains = default
[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
[domain/default]
ldap_tls_reqcert = never
auth_provider = ldap
ldap_schema = rfc2307bis
krb5_realm = EXAMPLE.COM
ldap_search_base = dc=physics,dc=unh,dc=edu
id_provider = ldap
ldap_id_use_start_tls = False
chpass_provider = ldap
ldap_uri = ldaps://einstein.unh.edu
krb5_kdcip = kerberos.example.com
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/cacerts
entry_cache_timeout = 600
ldap_network_timeout = 3
ldap_access_filter = (&(objectclass=shadowaccount)(objectclass=posixaccount))
- Modify /etc/nsswitch.conf to reflect the following settings:
passwd: files sss
shadow: files sss
group: files sss
sudoers: files sss
- Restart the sssd service to enable changes:
service sssd restart
- To test the configuration, try requesting user information:
id <username>
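An added check, not part of the original page: it parses the sssd.conf settings shown above and reports the ones that weaken the LDAP connection or are silently ignored. It assumes the defaults documented in the sssd-ldap and sssd.conf man pages (ldap_tls_reqcert = hard, ldap_id_use_start_tls = false, access_provider = permit); the function name audit_sssd is hypothetical.

```python
import configparser

# Added example; audit_sssd is a hypothetical helper, not an sssd tool.
# sssd.conf settings taken from the page above (timeouts and Kerberos keys omitted).
PAGE_CONF = """
[sssd]
config_file_version = 2
services = nss, pam
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://einstein.unh.edu
ldap_id_use_start_tls = False
ldap_tls_reqcert = never
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_access_filter = (&(objectclass=shadowaccount)(objectclass=posixaccount))
"""

def audit_sssd(text):
    """Return (section, key, message) findings for each [domain/...] section."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        dom = cp[name]
        # demand/hard require a valid server certificate; sssd defaults to hard.
        reqcert = dom.get("ldap_tls_reqcert", "hard").strip().lower()
        if reqcert not in ("demand", "hard"):
            findings.append((name, "ldap_tls_reqcert",
                             "'%s' does not require a valid server certificate" % reqcert))
        # ldap:// without StartTLS sends identity lookups in clear text.
        uris = [u.strip().lower() for u in dom.get("ldap_uri", "").split(",")]
        start_tls = dom.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        if any(u.startswith("ldap://") for u in uris) and not start_tls:
            findings.append((name, "ldap_uri", "ldap:// URI without ldap_id_use_start_tls"))
        # The filter is only evaluated when access_provider = ldap (default: permit).
        provider = dom.get("access_provider", "permit").strip().lower()
        if "ldap_access_filter" in dom and provider != "ldap":
            findings.append((name, "ldap_access_filter",
                             "ignored because access_provider is '%s'" % provider))
    return findings

if __name__ == "__main__":
    for section, key, message in audit_sssd(PAGE_CONF):
        print("[%s] %s: %s" % (section, key, message))
```

With ldap_tls_reqcert = never the ldap_tls_cacertdir setting has no effect, because the server certificate is never checked against those CAs.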