AW: Problems with ocserv and Active Directory via SSSD

[Tobias Grychtol-Matthaeus]

Hi Nikos,


> This is an error from pam_sss, you'll need to increase verbosity on
> sssd to see the actual reason. Have you used the
> https://ocserv.gitlab.io/www/recipes-ocserv-freeipa.html instructions?


Thanks for your email. I checked now deeper the PAM configuration and you are right, it was an error from pam_sss. After fixing the SSSD PAM configuration it works smooth. I am now connected with my AD user.
Now I will try to add the OTP second factor via PAM too. That would be perfect then :)

To answer your question: No, I did not used the freeipa instructions. I just installed SSSD like we do it always. But for ocserv I must reconfigure the PAM-files.



Best, Tobias

--


Tobias Grychtol-Matthaeus
Systemadministrator
Informationstechnik

Max-Planck-Institut für Marine Mikrobiologie
Celsiusstr. 1 - D-28359 Bremen - Raum R1130
Telefon: +49 421 2028-5720
E-Mail: tgrymatt at mpi-bremen.de







********************************************************************************************************************************************************************************
Achtung, neue Telefondurchwahl ab 4.12.202!

Bitte hängen Sie an die bisherige Durchwahl des Mitarbeitenden am Max-Planck-Institut für Marine Mikrobiologie eine -0 an, aus +49 421 2028-123 wird also +49 421 2028-1230.

Bei Faxnummern muss eine -8 angehängt werden. Aus +49 421 2028-565 wird also +49 421 2028-5658


Attention, new telephone extension starting Decmber 4th, 2020 !

Please add a -0 to the previous extension of your contact at the Max Planck Institute for Marine Microbiology, i.e. +49 421 2028-123 becomes +49 421 2028-1230.

For fax numbers a -8 has to be added. I.e. +49 421 2028-565 becomes +49 421 2028-5658

********************************************************************************************************************************************************************************