I am trying to set up a new server (Ubuntu 22.04 LTS) and authenticate users using organization accounts.

This is the public documentation provided: https://www.hs-regensburg.de/supportwiki/doku.php?id=en:public:netz:auth

When executing ldapsearch as specified in the Troubleshooting section, I can find my user in the format abc12345 and all the data that is available.

ldapsearch \
-A \
-H 'ldaps://adldap.hs-regensburg.de' \
-b 'DC=hs-regensburg,DC=de' \
-D 'abc12345@hs-regensburg.de' \
-W -z 0 -LLL -E pr=1000/noprompt sAMAccountName=abc12345

Output: see Appendix 1

However, when executing getent passwd abc12345 I get no output and the log output shown in Appendices 2 and 3. I would say that ldap simply does not find the given username abc12345.

Here is my sssd.conf:

[sssd]
config_file_version = 2
domains = hs-regensburg.de

[domain/hs-regensburg.de]
id_provider = ldap
auth_provider = ldap

ldap_uri = ldaps://adldap.hs-regensburg.de/
ldap_search_base = dc=hs-regensburg,dc=de

ldap_default_bind_dn = CN=abc12345,OU=Studenten,OU=Benutzer,OU=EI,OU=HSR,DC=hs-regensburg,DC=de
#ldap_default_bind_dn = abc12345@hs-regensburg.de
ldap_default_authtok_type = password
ldap_default_authtok = insertPassword

cache_credentials = false

  1. What changes do I have to make to my sssd.conf so that sssd also finds my users, like ldapsearch does?
  2. What exactly is sAMAccountName/samAccountName?
  3. What benefit would it have if I set up my authentication like this: https://ubuntu.com/server/docs/service-sssd-ldap-krb
  4. Is the provided documentation even enough to set up such a system?

I am grateful for any help. If you need further information from me, I will be happy to provide anything you need.

Appendix 1

Enter LDAP Password:
dn: CN=abc12345,OU=Studenten,OU=Benutzer,OU=EI,OU=HSR,DC=hs-regensburg,DC=de
objectClass:
cn:
sn:
c:
l:
st:
title:
postalCode:
givenName:
distinguishedName:
instanceType:
whenCreated:
whenChanged:
displayName:
uSNCreated:
memberOf:
uSNChanged:
department:
proxyAddresses:
streetAddress:
name:
objectGUID:
userAccountControl:
badPwdCount:
codePage:
countryCode:
homeDirectory:
homeDrive:
badPasswordTime:
lastLogoff:
lastLogon:
pwdLastSet:
primaryGroupID:
profilePath:
objectSid:
accountExpires:
logonCount:
sAMAccountName:
sAMAccountType:
showInAddressBook:
legacyExchangeDN:
userPrincipalName:
objectCategory:
dSCorePropagationData:
lastLogonTimestamp:
uid:
mail:
uidNumber:
gidNumber:
unixHomeDirectory:
loginShell:
mDBUseDefaults:
msExchWhenMailboxCreated:
extensionAttribute9:
msExchUMDtmfMap:
msExchMailboxSecurityDescriptor:
hsrInternalMail:
msExchArchiveWarnQuota:
msExchHomeServerName:
msExchTextMessagingState:
msExchPoliciesExcluded:
msExchDumpsterQuota:
msExchRBACPolicyLink:
msExchUserAccountControl:
msExchMobileMailboxFlags:
msExchArchiveQuota:
msExchDumpsterWarningQuota:
mailNickname:
msExchUserCulture:
msExchVersion:
msExchELCMailboxFlags:
homeMDB:
msExchMailboxGuid:
msExchRecipientTypeDetails:
msExchRecipientDisplayType:
msExchCalendarLoggingQuota:

refldaps://hs-regensburg.de/CN=Configuration,DC=hs-regensburg,DC=de

pagedresults: cookie=

Appendix 2

root@hostname:/var/log/sssd# tail -f sssd_nss.log | grep --color 'abc12345\|$'

(2022-08-24  2:02:44): [nss] [accept_fd_handler] (0x0400): [CID#6] Client [cmd getent][uid 1001][0x55e3a007a380][21] connected!
(2022-08-24  2:02:44): [nss] [sss_cmd_get_version] (0x0200): [CID#6] Received client version [1].
(2022-08-24  2:02:44): [nss] [sss_cmd_get_version] (0x0200): [CID#6] Offered version [1].
(2022-08-24  2:02:44): [nss] [nss_getby_name] (0x0400): [CID#6] Input name: abc12345
(2022-08-24  2:02:44): [nss] [cache_req_send] (0x0400): [CID#6] CR #7: REQ_TRACE: New request [CID #6] 'User by name'
(2022-08-24  2:02:44): [nss] [cache_req_process_input] (0x0400): [CID#6] CR #7: Parsing input name [abc12345]
(2022-08-24  2:02:44): [nss] [sss_parse_name_for_domains] (0x0200): [CID#6] name 'abc12345' matched without domain, user is abc12345
(2022-08-24  2:02:44): [nss] [nss_get_object_send] (0x0400): [CID#6] Client [0x55e3a007a380][21]: sent cache request #7
(2022-08-24  2:02:44): [nss] [cache_req_set_name] (0x0400): [CID#6] CR #7: Setting name [abc12345]
(2022-08-24  2:02:44): [nss] [cache_req_select_domains] (0x0400): [CID#6] CR #7: Performing a multi-domain search
(2022-08-24  2:02:44): [nss] [cache_req_search_domains] (0x0400): [CID#6] CR #7: Search will check the cache and check the data provider
(2022-08-24  2:02:44): [nss] [cache_req_set_domain] (0x0400): [CID#6] CR #7: Using domain [hs-regensburg.de]
(2022-08-24  2:02:44): [nss] [cache_req_prepare_domain_data] (0x0400): [CID#6] CR #7: Preparing input data for domain [hs-regensburg.de] rules
(2022-08-24  2:02:44): [nss] [cache_req_search_send] (0x0400): [CID#6] CR #7: Looking up abc12345@hs-regensburg.de
(2022-08-24  2:02:44): [nss] [cache_req_search_ncache] (0x0400): [CID#6] CR #7: Checking negative cache for [abc12345@hs-regensburg.de]
(2022-08-24  2:02:44): [nss] [cache_req_search_ncache] (0x0400): [CID#6] CR #7: [abc12345@hs-regensburg.de] does not exist (negative cache)
(2022-08-24  2:02:44): [nss] [cache_req_process_result] (0x0400): [CID#6] CR #7: Finished: Not found
(2022-08-24  2:02:44): [nss] [client_recv] (0x0200): [CID#6] Client disconnected!

Appendix 3

root@hostname:/var/log/sssd# tail -f sssd_nss.log | grep abc12345

(2022-08-24  2:05:41): [nss] [nss_getby_name] (0x0400): [CID#7] Input name: abc12345
(2022-08-24  2:05:41): [nss] [cache_req_process_input] (0x0400): [CID#7] CR #8: Parsing input name [abc12345]
(2022-08-24  2:05:41): [nss] [sss_parse_name_for_domains] (0x0200): [CID#7] name 'abc12345' matched without domain, user is abc12345
(2022-08-24  2:05:41): [nss] [cache_req_set_name] (0x0400): [CID#7] CR #8: Setting name [abc12345]
(2022-08-24  2:05:41): [nss] [cache_req_search_send] (0x0400): [CID#7] CR #8: Looking up abc12345@hs-regensburg.de
(2022-08-24  2:05:41): [nss] [cache_req_search_ncache] (0x0400): [CID#7] CR #8: Checking negative cache for [abc12345@hs-regensburg.de]
(2022-08-24  2:05:41): [nss] [cache_req_search_ncache] (0x0400): [CID#7] CR #8: [abc12345@hs-regensburg.de] is not present in negative cache
(2022-08-24  2:05:41): [nss] [cache_req_search_cache] (0x0400): [CID#7] CR #8: Looking up [abc12345@hs-regensburg.de] in cache
(2022-08-24  2:05:41): [nss] [cache_req_search_cache] (0x0400): [CID#7] CR #8: Object [abc12345@hs-regensburg.de] was not found in cache
(2022-08-24  2:05:41): [nss] [cache_req_search_dp] (0x0400): [CID#7] CR #8: Looking up [abc12345@hs-regensburg.de] in data provider
(2022-08-24  2:05:41): [nss] [sss_dp_get_account_send] (0x0400): [CID#7] Creating request for [hs-regensburg.de][0x1][BE_REQ_USER][name=abc12345@hs-regensburg.de:-]
(2022-08-24  2:05:41): [nss] [cache_req_search_cache] (0x0400): [CID#7] CR #8: Looking up [abc12345@hs-regensburg.de] in cache
(2022-08-24  2:05:41): [nss] [cache_req_search_cache] (0x0400): [CID#7] CR #8: Object [abc12345@hs-regensburg.de] was not found in cache
(2022-08-24  2:05:41): [nss] [cache_req_search_ncache_add_to_domain] (0x0400): [CID#7] CR #8: Adding [abc12345@hs-regensburg.de] to negative cache
(2022-08-24  2:05:41): [nss] [sss_ncache_set_str] (0x0400): [CID#7] Adding [NCE/USER/hs-regensburg.de/abc12345@hs-regensburg.de] to negative cache
Sammy
  • 13

1 Answer

It looks like you want to control what LDAP attribute SSSD uses to find your account name.

According to the sssd-ldap-attributes man page, when ldap_schema is set to rfc2307 (the default), rfc2307bis, or IPA, then ldap_user_name defaults to uid.

When ldap_schema is set to AD (for Active Directory), ldap_user_name defaults to sAMAccountName.

So possibly the simplest solution is to configure your SSSD instance to use the AD schema:

[domain/hs-regensburg.de]
id_provider = ldap
auth_provider = ldap
ldap_schema = AD

ldap_uri = ldaps://adldap.hs-regensburg.de/
ldap_search_base = dc=hs-regensburg,dc=de

ldap_default_bind_dn = CN=abc12345,OU=Studenten,OU=Benutzer,OU=EI,OU=HSR,DC=hs-regensburg,DC=de
#ldap_default_bind_dn = abc12345@hs-regensburg.de
ldap_default_authtok_type = password
ldap_default_authtok = insertPassword

cache_credentials = false

I can't test this myself (I don't have access to an AD instance). Most of the guides I've found online that document connecting SSSD to an Active Directory backend assume that you're using Kerberos authentication, so they may not apply exactly to this situation, but they're probably worth reading (e.g., the sssd-ad(5) man page, the online docs, etc.).

larsks
  • 47,453