Description of problem:

Doing F14 installs with my standard F13 kickstart authconfig line:

authconfig --enablemd5 --enableshadow --enablesssd --enablesssdauth --enableldap --enableldapauth --ldapserver=ldap.cora.nwra.com --ldapbasedn=dc=nwra,dc=com --enableldaptls --ldaploadcacert=http://www.cora.nwra.com/cgi-bin/getca.pl

I end up with a different nsswitch.conf than with F13:

< f13, > f14
33,35c33,35
< passwd: files sss
< shadow: files sss
< group: files sss
---
> passwd: files sss ldap
> shadow: files sss ldap
> group: files sss ldap
38c38
< hosts: files mdns4_minimal [NOTFOUND=return] dns
---
> hosts: files dns
57c57
< netgroup: files sss
---
> netgroup: files ldap ldap
61c61
< automount: files ldap
---
> automount: files ldap ldap

And lots of errors in logs:

Sep 21 14:27:00 test kdm: :0[18768]: PAM unable to dlopen(/lib64/security/pam_ldap.so): /lib64/security/pam_ldap.so: cannot open shared object file: No such file or directory
Sep 21 14:27:00 test kdm: :0[18768]: PAM adding faulty module: /lib64/security/pam_ldap.so
Sep 21 14:27:00 test kdm: :0[18768]: pam_unix(kdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=orion
Sep 21 14:27:01 test kdm: :0[18768]: pam_sss(kdm:auth): authentication success; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=orion
Sep 21 14:30:01 test crond[18887]: PAM unable to dlopen(/lib64/security/pam_ldap.so): /lib64/security/pam_ldap.so: cannot open shared object file: No such file or directory
Sep 21 14:30:01 test crond[18887]: PAM adding faulty module: /lib64/security/pam_ldap.so

Note that despite the pam_sss success above, kdm fails to log me in. Perhaps a separate kdm issue?

Version-Release number of selected component (if applicable):
authconfig-6.1.9-1.fc14.x86_64
system-auth-ac is also different:

< f13, > f14
7a8
> auth sufficient pam_ldap.so use_first_pass
13a15
> account [default=bad success=ok user_unknown=ignore] pam_ldap.so
18a21
> password sufficient pam_ldap.so use_authtok
22a26
> -session optional pam_systemd.so
25a30
> session optional pam_ldap.so
Just remove the --enablesssd --enablesssdauth from your settings above. These options enable the 'explicit sssd support' with the user managing sssd.conf by himself. The only small bug is the double ldap ldap in the netgroup and automount lines in /etc/nsswitch.conf. This is not an F14 blocker.
Indeed, that appears to work. I think a release note may be in order to document this change.
I am not sure what the release note content would be. Can you please open the relnote request and enter the proposed content? Note that even in Fedora 13 the supposed call of authconfig was the same as now. The --enablesssd and --enablesssdauth options were never supposed to be passed to authconfig if you wanted the implicit SSSD support. However, the behavior when --enablesssd and --enablesssdauth were added might have been slightly different.

Here you can enter the release note request:
https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20Documentation&op_sys=Linux&target_milestone=---&bug_status=NEW&version=devel&component=release-notes&rep_platform=All&priority=normal&bug_severity=normal&assigned_to=relnotes@fedoraproject.org&cc=&estimated_time_presets=0.0&estimated_time=0.0&bug_file_loc=http://&short_desc=RELNOTES%20-%20Summarize%20the%20release%20note%20suggestion/content&comment=Provide%20details%20here.%20%20Do%20not%20change%20the%20blocking%20bug.&status_whiteboard=&keywords=&issuetrackers=&dependson=&blocked=168083&ext_bz_id=0&ext_bz_bug_id=&data=&description=&contenttypemethod=list&contenttypeselection=text/plain&contenttypeentry=&maketemplate=Remember%20values%20as%20bookmarkable%20template&form_name=enter_bug
Sorry, it appears you documented the correct authconfig line in bug 578258, but I didn't get it right in my kickstarts.

*** This bug has been marked as a duplicate of bug 578258 ***
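
A check for the two symptoms reported in this thread (a source listed twice on an /etc/nsswitch.conf line, and a PAM stack naming a module that is not installed), as an added example that is not part of the original bug report or of authconfig. The function names and the sample inputs are constructed for illustration.

```python
import re

# Constructed samples modelled on the lines quoted in the report.
NSSWITCH_SAMPLE = """\
passwd:     files sss ldap
hosts:      files mdns4_minimal [NOTFOUND=return] dns
netgroup:   files ldap ldap
automount:  files ldap ldap
"""
PAM_SAMPLE = """\
auth        sufficient    pam_sss.so use_first_pass
auth        sufficient    pam_ldap.so use_first_pass
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
-session    optional      pam_systemd.so
session     optional      pam_ldap.so
"""
BRACKETED = re.compile(r"\[[^\]]*\]")  # nsswitch actions / PAM control lists


def duplicate_sources(nsswitch_text):
    """Return {database: [sources listed more than once]}."""
    dups = {}
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0]
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        sources = BRACKETED.sub(" ", rest).split()
        repeated = sorted({s for s in sources if sources.count(s) > 1})
        if repeated:
            dups[db.strip()] = repeated
    return dups


def missing_pam_modules(pam_text, installed):
    """Return modules the stack references that are not in `installed`."""
    missing = []
    for raw in pam_text.splitlines():
        fields = BRACKETED.sub("CTRL", raw.split("#", 1)[0]).split()
        if len(fields) < 3 or fields[1] in ("include", "substack"):
            continue
        module = fields[2].rsplit("/", 1)[-1]
        if module not in installed and module not in missing:
            missing.append(module)
    return missing


if __name__ == "__main__":
    # On a real host: installed = set(os.listdir("/lib64/security"))
    print(duplicate_sources(NSSWITCH_SAMPLE))
    print(missing_pam_modules(PAM_SAMPLE, {"pam_sss.so", "pam_systemd.so"}))
```

Run after kickstart %post against the generated /etc/nsswitch.conf and /etc/pam.d/system-auth-ac, this surfaces the misconfiguration before the first login attempt does.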