System Security Services Daemon (SSSD) - This project provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis for providing client auditing and policy services for FreeIPA, LDAP, and Active Directory.
Questions tagged [sssd]
353 questions
1 vote, 1 answer
Debian: Problems authenticating to ad
Our Debian server somehow got disconnected from AD, and I am trying to get it back.
I have tried different methods. The one that seems to have worked best is realm.
At least it says that it has joined the realm.
When I try to log in I get access…

Stoffe Eriksson
1 vote, 1 answer
Why does sssd break PTR records for AD-joined CentOS
I have an AD domain-joined CENTOS 7 box - call it centosbox.
Whenever SSSD starts, it updates the DNS records, which is fine by me, except that it breaks the PTR records by making them point to just centosbox. instead of centosbox.my.domain.ext.,…

dodexahedron
1 vote, 0 answers
SFTP Access with Active Directory user
I'm trying to access through SFTP using an Active Directory user.
I have a RH7.3 machine, configured with SSSD. Sshd_config has some parameters that allow some AD users to login through ssh. Now I've created a new group in AD (access_ssh_vsftp)…

jask
1 vote, 0 answers
Why does sssd query for all automountkeys when looking for a specific one?
I am attempting to convert autofs from using ldap maps to using sss maps.
However, it appears that sssd wishes to query for all automount keys rather than just the specific one it needs. This is causing the query to run afoul of the ldap server's…

84104
1 vote, 1 answer
Unable to configure sssd for multiple domain authentication in same forest
I have a machine that is joined to the Domain A and it is able to authenticate fine the users in that domain. The default domain realm in kerberos is the Domain A.
However, I'm unable to authenticate against the domain B which should have a two way…

Natalia Marin
1 vote, 2 answers
Samba 4 joined to AD: can access to shares using FQDN but not using IP or aliases
I installed a new Openmediavault 4 server which I joined to my Active Directory managed by two Samba 4 Domain Controllers.
Specifications:
Active Directory domain MY.AD.DOMAIN managed by two Samba 4 domain controllers (server-z1.my.ad.domain…

Mat
1 vote, 1 answer
sssd prevent particular backend servers
Just came across an interesting problem using sssd where I was able to getent someuser@example.com but getent group somegroup@example.com was failing. Ended up finding out with adcli info example.com that there were two DC's in the forest that were…

TryTryAgain
1 vote, 1 answer
Can't log in to Ubuntu as domain user "no passwd entry for user" (SSSD, KRB5, Samba)
I followed this guide to join my Ubuntu 14.04 server to my domain. I have everything working - the server joined AD fine, I can kinit just fine, and dynamic DNS is working great. However, when I log in to Linux and try to su as a domain user, it…
user402916
1 vote, 1 answer
How to make sssd obtain a ticket to mount NFS shares for the service?
I have a working setup in a corporate environment where we use RHEL7 together with SSSD to authenticate against Active Directory. Regular authentication works well.
I managed to get the NFSv4 server to work with NFSv4 clients all using the same…

Nicolas
1 vote, 2 answers
CentOS 7 sssd with AD - getent passwd slow in response
CentOS 7 + SSSD + AD
AD user is created through bash script. To confirm the AD user account is created I am using getent passwd . It is not returning the user account created in AD immediately, but it is returning the user account after a…

sathish kannan
1 vote, 1 answer
sssd cache issues with authorized_keys
I'm running a server with CentOS 7.4.1708 and all patches applied. sssd is version 1.15.2.
I have a working sssd setup which enables me to sign in using SSH public keys stored in Active Directory.
The config
The instance is successfully joined and…

Jonathan
1 vote, 0 answers
All Free IPA clients unable to login
Environment:
~400 Servers enrolled in Prod IPA
Prod IPA setup as Master/Master replication between two servers
Around 4:40 PM yesterday users started reporting unable to login to servers via SSH. Sysadmins were able to login via sshkey.
Client…

Sysadmin123
1 vote, 2 answers
Linux SSSD with two AD Domains
I Joined my Centos Box to a Windows Active Directory Domain with
realm join --user=DomUser dom2.local
Without any Problems. The Domain has a one-way Trust relationship to Dom1.
Our Windows Users can:
Log-In with Dom1/User to Dom1/Host
Log-In…

embedded
1 vote, 0 answers
Autofs + Kerberos + NFSv4 works on RHEL, but not Ubuntu
We have our /home directories stored on a NetApp SVN, and are automounting them as NFSv4 with Kerberos. This seems to work flawlessly on RHEL7.x, however it will not work in Ubuntu 14.04 or 16.04 no matter what we try.
Both RHEL and Ubuntu are using…

drchrist68
1 vote, 1 answer
sssd ldap authentication cannot automount home directories
I have managed to set up ldap authentication, but I do not manage to have the home directories automatically mount when logged in.
The auto.master and auto.home are stored in the ldap.
This is my sssd.conf:
[sssd]
config_file_version = 2
…

danidar