So I'm trying out RHEL6 to install on my new NFS server.

All is going well, until it comes to getting LDAP user information. The new setup on RHEL6 is to use the SSS daemon. It is configured using authconfig.

My LDAP database requires TLS and a simple bind to return any user information, even for NSS-only lookups.

So, I thought that would mean just running this command:

authconfig --enableshadow --enablesssd --disablesssdauth --enablecache --enablelocauthorize --update

This results in:

id_provider = ldap
#auth_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldap://*****
ldap_search_base = *****
ldap_default_bind_dn = *****
ldap_default_authtok_type = password
ldap_default_authtok = ******
ldap_tls_reqcert = demand
cache_credentials = true
enumerate = true
entry_cache_timeout = 5400
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt

But running /etc/init.d/sssd restart doesn't make user information work.

id username

yields an error.

I found that you have to include this line in sssd.conf:

ldap_id_use_start_tls = True
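
As an added example (not part of the original post), this Python check flags the condition hit above: an LDAP identity domain on an ldap:// URI without ldap_id_use_start_tls, which SSSD leaves off by default. The sample config, hostname and bind DN are constructed placeholders, and audit_sssd is a hypothetical helper name.

```python
import configparser

# Constructed sample shaped like the post's generated config; all values are placeholders.
SAMPLE = """
[sssd]
domains = default

[domain/default]
id_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_default_bind_dn = cn=reader,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = placeholder
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
"""

def audit_sssd(text):
    """Return (section, finding) pairs for LDAP id domains with weak transport settings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        if not name.startswith("domain/"):
            continue
        if sec.get("id_provider", "").strip().lower() != "ldap":
            continue
        # ldap_uri may hold a comma-separated failover list; ldaps:// is already encrypted.
        uris = [u.strip().lower() for u in sec.get("ldap_uri", "").split(",") if u.strip()]
        plain = [u for u in uris if u.startswith("ldap://")]
        starttls = sec.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        if plain and not starttls:
            msg = "id lookups on %s run without StartTLS" % ", ".join(plain)
            if "ldap_default_authtok" in sec:
                msg += "; the simple-bind password would cross the wire unencrypted"
            findings.append((name, msg))
        # The default for ldap_tls_reqcert is "hard"; "demand" is equally strict.
        if sec.get("ldap_tls_reqcert", "hard").strip().lower() not in ("demand", "hard"):
            findings.append((name, "ldap_tls_reqcert does not enforce certificate validation"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_sssd(SAMPLE):
        print("[%s] %s" % (section, finding))
```

To audit a real host, pass the contents of /etc/sssd/sssd.conf to audit_sssd; the file is readable only by root.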


