This test will verify whether the SSSD is appropriately serving native local users through NSS.
How to Test
- Follow the steps in Installing the SSSD. If you are running the Test Day LiveCD, you may skip this step.
- Copy sssd.conf to /etc/sssd/sssd.conf
- Restart the SSSD service (as root):
service sssd restart(Please disregard the "Unable to register control with rootdse!" messages, as they are erroneous.
- Verify that the SSSD services are running:
ps -e |grep sssYou should see:
30968 pts/0 00:00:00 sssd 30970 pts/0 00:00:00 sssd_dp 30972 pts/0 00:00:00 sssd_be 30973 pts/0 00:00:00 sssd_be 30974 pts/0 00:00:00 sssd_be 30975 pts/0 00:00:00 sssd_nss 30976 pts/0 00:00:00 sssd_pam
- Enable the use of the SSSD in nsswitch.conf. Change the following lines of /etc/nsswitch.conf from:
passwd: files shadow: files group: filesto
passwd: files sss shadow: files group: files sss
- Create a new local user with the following command (as root)
/usr/sbin/sss_useradd nativelocaluser(Again, you can disregard the "Unable to register control with rootdse!" messages.)
- Verify that this user is enumerated by NSS:
getent passwd |grep nativelocaluserYou should see:
- Verify that this user's information can be seen by directly requesting it
getent passwd nativelocaluser@LOCALThe output should be the same as previous.
- Verify that this user's information can be seen by searching all domains
getent passwd nativelocaluserThe output should be the same as previous.
- Verify that a group with the same name exists
getent group |grep nativelocaluserThe output should be:
- Verify that this group can be requested directly
getent group nativelocaluser@LOCALThe output should be the same as the previous.
- Verify that this group can be seen by searching all domains
getent group nativelocaluserThe output should be the same as the previous.
- Create a new group (as root)
- Add the nativelocaluser to the group
/usr/sbin/sss_usermod -a nativelocalgroup nativelocaluser
- Verify the contents of this group using getent as above: