I have a server with helm-openldap and a debian client. I can't login to a user who has a SHA-512 encrypted password. If i store it in clear or MD5, it works perfectly.
$ id tuser
uid=5000(tuser) gid=5000(tuser) groups=5000(tuser),5001(wheel)
/var/log/auth.log
Jul 1 14:04:33 debian su: pam_unix(su:auth): authentication failure; logname=debian uid=1000 euid=0 tty
=pts/0 ruser=debian rhost= user=tuser
Jul 1 14:04:33 debian su: pam_sss(su:auth): authentication failure; logname=debian uid=1000 euid=0 tty=
pts/0 ruser=debian rhost= user=tuser
Jul 1 14:04:33 debian su: pam_sss(su:auth): received for user tuser: 7 (Authentication failure)
Jul 1 14:04:36 debian su: FAILED SU (to tuser) debian on pts/0
sssd.conf:
[sssd]
domains = LDAP_DOMAIN
services = nss, pam
[domain/LDAP_DOMAIN]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.domain.com
cache_credentials = True
ldap_default_bind_dn = cn=admin,dc=domain,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = admin_password
$ ldapsearch -x -H ldaps://ldap.domain.com -b dc=domain,dc=com -D cn=admin,dc=domain,dc=com -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# test.user, domain.com
dn: cn=test.user,dc=domain,dc=com
cn: test.user
gidNumber: 5000
givenName: test
homeDirectory: /home/tuser
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
sn: tuser
uid: tuser
uidNumber: 5000
loginShell: /usr/bin/bash
userPassword:: e01ENX1rQUZRbUR6U1Q3RFdsajk5S09GL2NnPT0=
# search result
search: 2
result: 0 Success
# numResponses: 1
# numEntries: 1
Thanks in advance for any help!
