Verifying the authentication services configured in the system

Use the mmuserauth service check command to check whether the authentication configuration is consistent across the cluster and the required services are enabled and running. This command validates and corrects the authentication configuration files and starts any associated services if needed.

You can check the following authentication details by using the mmuserauth service check command:
  • --data-access-method {file | object | all} Authentication method.
  • [-N|--nodes] {node-list | cesNodes} Authentication configuration on each node. If the specified node is not a protocol node, the check operation is ignored on that node. If a protocol node is specified, the system checks the configuration on that protocol node. If you do not specify a node, the system checks the configuration of only the current node. To check authentication configuration on all protocol nodes, specify -N cesnodes.
  • --server-reachability Verify whether the authentication backend server is reachable. If object is configured with an external Keystone server, this check is not performed.
  • [-r | --rectify ] Rectify the configuration for the specified nodes by copying any missing configuration files or SSL/TLS certificates from another node.
For more information, see mmuserauth command.

Example - File authentication check

Issue the mmuserauth service check command.
# mmuserauth service check --data-access-method file --nodes dgnode3,dgnode2 --server-reachability -r
dgnode2: not CES node. Ignoring...

Userauth file check on node: dgnode3
Checking SSSD_CONF: OK
Checking nsswitch file: OK
Checking Pre-requisite Packages: OK

LDAP servers status
LDAP server 192.168.122.250 : OK
Service 'sssd' status: OK
You can use the id command to see the list of users and groups fetched from the LDAP server. For example:
# id ldapuser2
uid=1001(ldapuser2) gid=1001(ldapuser2) groups=1001(ldapuser2)

Example - Object authentication check

Issue the mmuserauth service check command.
# mmuserauth service check --server-reachability --data-access-method object
Userauth object check on node: dgnode3
Checking keystone.conf: OK
LDAP servers status
LDAP server sonash1 : OK
Service 'keystone-all' status: OK
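
The following is an added example, not part of the original page or of IBM's tooling: a shell function that reads the check output shown in the two examples above and reports ignored nodes and any check line whose status is not OK. The function names, the report format, and the "NOT-OK" status in the sample are assumptions; the page shows only OK results.

```shell
#!/bin/sh
# Added example, not IBM code. Reads `mmuserauth service check` output on stdin.
# Assumption: every check line ends in ": <status>" as in the examples above, and
# any status other than OK is a finding (the page shows no non-OK wording).
summarize_userauth_check() {
    awk '
        BEGIN { node = "(unknown)"; ok = 0; fail = 0; skipped = 0 }
        # "Userauth file check on node: dgnode3" opens a per-node section
        /^Userauth .* check on node:/ { node = $NF; next }
        # Non-protocol nodes are ignored by the command, so nothing was verified
        /: not CES node\./ {
            name = $0; sub(/:.*/, "", name)
            print "SKIPPED " name; skipped++; next
        }
        # "Checking X: OK", "LDAP server X : OK", "Service X status: OK"
        /^(Checking |LDAP server |Service )/ {
            status = $0; sub(/.*:[ \t]*/, "", status)   # text after the last colon
            sub(/[ \t\r]+$/, "", status)
            name = $0; sub(/[ \t]*:[^:]*$/, "", name)   # text before the last colon
            if (status == "OK") ok++
            else { fail++; printf "FAIL %s | %s | %s\n", node, name, status }
        }
        END {
            printf "SUMMARY ok=%d fail=%d skipped=%d\n", ok, fail, skipped
            exit (fail > 0 ? 1 : 0)
        }
    '
}

# Constructed sample based on the file example; "NOT-OK" is a placeholder
# status, not real mmuserauth output.
constructed_sample() {
    cat <<'EOF'
dgnode2: not CES node. Ignoring...

Userauth file check on node: dgnode3
Checking SSSD_CONF: OK
Checking nsswitch file: OK
Checking Pre-requisite Packages: OK

LDAP servers status
LDAP server 192.168.122.250 : OK
Service 'sssd' status: NOT-OK
EOF
}

constructed_sample | summarize_userauth_check || echo "findings present"
```

To use it on a live cluster, pipe the output of the mmuserauth service check command into summarize_userauth_check; the function returns a non-zero exit status when any check line is not OK.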