I have a server with helm-openldap and a debian client. I can't log in as a user who has a SHA-512 encrypted password. If I store it in clear or MD5, it works perfectly.
$ id tuser
uid=5000(tuser) gid=5000(tuser) groups=5000(tuser),5001(wheel)

/var/log/auth.log
Jul 1 14:04:33 debian su: pam_unix(su:auth): authentication failure; logname=debian uid=1000 euid=0 tty=pts/0 ruser=debian rhost= user=tuser
Jul 1 14:04:33 debian su: pam_sss(su:auth): authentication failure; logname=debian uid=1000 euid=0 tty=pts/0 ruser=debian rhost= user=tuser
Jul 1 14:04:33 debian su: pam_sss(su:auth): received for user tuser: 7 (Authentication failure)
Jul 1 14:04:36 debian su: FAILED SU (to tuser) debian on pts/0

sssd.conf:
[sssd]
domains = LDAP_DOMAIN
services = nss, pam

[domain/LDAP_DOMAIN]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.domain.com
cache_credentials = True
ldap_default_bind_dn = cn=admin,dc=domain,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = admin_password

$ ldapsearch -x -H ldaps://ldap.domain.com -b dc=domain,dc=com -D cn=admin,dc=domain,dc=com -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# test.user, domain.com
dn: cn=test.user,dc=domain,dc=com
cn: test.user
gidNumber: 5000
givenName: test
homeDirectory: /home/tuser
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
sn: tuser
uid: tuser
uidNumber: 5000
loginShell: /usr/bin/bash
userPassword:: e01ENX1rQUZRbUR6U1Q3RFdsajk5S09GL2NnPT0=

# search result
search: 2
result: 0 Success

# numResponses: 1
# numEntries: 1

Thanks in advance for any help!
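
Added example, not part of the original post: ldapsearch prints `userPassword::` (double colon) as base64, so the storage scheme is only visible after decoding. This sketch reads LDIF text and reports the scheme per entry; the value in the output above decodes to a `{MD5}` value. The function names and the second, `{CRYPT}$6$` entry are constructed for illustration.

```python
import base64
import re

# crypt(3) method ids that can follow a {CRYPT} prefix
CRYPT_IDS = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}

def classify(value):
    """Split a decoded userPassword value into (scheme, detail)."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)", value, re.S)
    if not m:
        return ("cleartext", "no {SCHEME} prefix")
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme == "CRYPT":
        cm = re.match(r"\$([0-9a-z]+)\$", body)
        if cm:
            return ("CRYPT", CRYPT_IDS.get(cm.group(1), "crypt id " + cm.group(1)))
        return ("CRYPT", "no $id$ prefix (traditional crypt)")
    return (scheme, "%d characters after the prefix" % len(body))

def password_schemes(ldif_text):
    """Return (dn, scheme, detail) for every userPassword value in LDIF text."""
    results, dn = [], None
    # LDIF folds long lines: a continuation line starts with a single space.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    for line in unfolded.splitlines():
        if line.startswith("dn:"):
            dn = line.split(":", 1)[1].strip()
        elif line.lower().startswith("userpassword:"):
            rest = line[len("userpassword:"):]
            if rest.startswith(":"):  # "::" marks a base64-encoded value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            results.append((dn, *classify(value)))
    return results

# First entry: the value from the ldapsearch output above.
# Second entry: constructed sample, not a real hash.
CONSTRUCTED = base64.b64encode(b"{CRYPT}$6$examplesalt$notarealhash").decode()
SAMPLE = (
    "dn: cn=test.user,dc=domain,dc=com\n"
    "userPassword:: e01ENX1rQUZRbUR6U1Q3RFdsajk5S09GL2NnPT0=\n"
    "\n"
    "dn: cn=constructed,dc=domain,dc=com\n"
    "userPassword:: " + CONSTRUCTED + "\n"
)

if __name__ == "__main__":
    for row in password_schemes(SAMPLE):
        print(row)
```

Feeding it the output of `ldapsearch` for the failing entry shows which scheme prefix the server actually stored for that user.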