* Fresh Fedora 13 install from DVD, with language and keyboard settings UK.
* Create local user "dummy" at firstboot since there is no network at this point
* Login as "dummy"
* Enable the network
* Start a root shell
* yum update
* yum --enablerepo=updates-testing update auth\*

At this point I have:

authconfig-6.1.4-2.fc13.x86_64
authconfig-gtk-6.1.4-2.fc13.x86_64

Default settings:

# authconfig --test
caching is disabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
 hesiod LHS = ""
 hesiod RHS = ""
nss_ldap is disabled
 LDAP+TLS is disabled
 LDAP server = "ldap://127.0.0.1/"
 LDAP base DN = "dc=example,dc=com"
nss_nis is disabled
 NIS server = ""
 NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
 Winbind template shell = "/bin/false"
 SMB idmap uid = "16777216-33554431"
 SMB idmap gid = "16777216-33554431"
nss_sss is disabled by default
nss_wins is disabled
DNS preference over NSS or WINS is disabled
pam_unix is always enabled
 shadow passwords are enabled
 password hashing algorithm is sha512
pam_krb5 is disabled
 krb5 realm = "EXAMPLE.COM"
 krb5 realm via dns is disabled
 krb5 kdc = "kerberos.example.com"
 krb5 kdc via dns is disabled
 krb5 admin server = "kerberos.example.com"
pam_ldap is disabled
 LDAP+TLS is disabled
 LDAP server = "ldap://127.0.0.1/"
 LDAP base DN = "dc=example,dc=com"
 LDAP schema = "rfc2307"
pam_pkcs11 is disabled
 use only smartcard for login is disabled
 smartcard module = "coolkey"
 smartcard removal action = "Ignore"
pam_fprintd is enabled
pam_smb_auth is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
pam_winbind is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
pam_sss is disabled by default
 credential caching in SSSD is enabled
 SSSD use instead of legacy services if possible is enabled
pam_cracklib is enabled (try_first_pass retry=3 type=)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir or pam_oddjob_mkhomedir is disabled ()
Always authorize local users is enabled ()
Authenticate system accounts against network services is disabled

I now try to set up ldap auth in the time-honoured way:

# authconfig \
    --enableldap \
    --enableldapauth \
    --ldapserver=ldap://ldap.virtensys.com/ \
    --ldaploadcacert=http://download.virtensys.com/virtensys-ca.crt \
    --enableldaptls \
    --ldapbasedn=dc=virtensys,dc=com \
    --disablefingerprint \
    --updateall
Starting sssd: [FAILED]

The stock sssd.conf is untouched:

# ls -lrt /etc/sssd
total 12
-rw-------. 1 root root 2829 Apr 2 16:56 sssd.conf
-r--------. 1 root root 1809 Apr 2 16:56 sssd.api.conf
drwx------. 2 root root 4096 May 21 13:25 sssd.api.d

Authconfig does know what the config is *supposed* to be though:

# authconfig --test
caching is disabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
 hesiod LHS = ""
 hesiod RHS = ""
nss_ldap is enabled
 LDAP+TLS is enabled
 LDAP server = "ldap://ldap.virtensys.com/"
 LDAP base DN = "dc=virtensys,dc=com"
nss_nis is disabled
 NIS server = ""
 NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
 Winbind template shell = "/bin/false"
 SMB idmap uid = "16777216-33554431"
 SMB idmap gid = "16777216-33554431"
nss_sss is disabled by default
nss_wins is disabled
DNS preference over NSS or WINS is disabled
pam_unix is always enabled
 shadow passwords are enabled
 password hashing algorithm is sha512
pam_krb5 is disabled
 krb5 realm = "EXAMPLE.COM"
 krb5 realm via dns is disabled
 krb5 kdc = "kerberos.example.com"
 krb5 kdc via dns is disabled
 krb5 admin server = "kerberos.example.com"
pam_ldap is enabled
 LDAP+TLS is enabled
 LDAP server = "ldap://ldap.virtensys.com/"
 LDAP base DN = "dc=virtensys,dc=com"
 LDAP schema = "rfc2307"
pam_pkcs11 is disabled
 use only smartcard for login is disabled
 smartcard module = "coolkey"
 smartcard removal action = "Ignore"
pam_fprintd is disabled
pam_smb_auth is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
pam_winbind is disabled
 SMB workgroup = "MYGROUP"
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
pam_sss is disabled by default
 credential caching in SSSD is enabled
 SSSD use instead of legacy services if possible is enabled
pam_cracklib is enabled (try_first_pass retry=3 type=)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir or pam_oddjob_mkhomedir is disabled ()
Always authorize local users is enabled ()
Authenticate system accounts against network services is disabled

If I now fire up the GUI, don't make any changes and click "Apply", it springs into life:

# authconfig-gtk
Starting sssd: [ OK ]

# ls -lrt /etc/sssd
total 12
-r--------. 1 root root 1809 Apr 2 16:56 sssd.api.conf
drwx------. 2 root root 4096 May 21 13:25 sssd.api.d
-rw-------. 1 root root 3191 May 21 14:39 sssd.conf

Use --update instead of --updateall as a workaround.