Questions tagged [sssd]

System Security Services Daemon (SSSD) - This project provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis for providing client auditing and policy services for FreeIPA, LDAP, and Active Directory.

353 questions
1 vote, 2 answers

How to confirm that IPA+SSSD is using only encrypted channels?

Simply put: I want to ensure that my authentication path is encrypted along the entire path. (e.g. encrypted from laptop->SSH host; from SSH host->authentication server; and from SSH host->other hosts) I am running FreeIPA on Centos 7 as the…
JDS
1 vote, 2 answers

Issue authenticating to AD-joined Centos 7 server

Using this link, I have set up a server that is properly joined to an Active Directory server, but for some reason I can not authenticate to that server with a kerberos ticket on several test-users that I made on my laptop. All users on my local…
Peter van Arkel
1 vote, 2 answers

SSSD for LDAP user authentication only (just bind) on Ubuntu, local databases for uid and groups

Every guide to using SSSD for LDAP authentication I've found thus far shows you how to do more than just authenticate a user, such as provide their shell, groups, etc. I don't know how to remove those features without things breaking because there…
contrapsych
1 vote, 3 answers

How can I verify which DC my ubuntu server is authenticating to?

I have some intermittent authentication issues on my Ubuntu 15.04 servers. I have asked about this issue directly here: "Kerberos encryption type error". My Windows DCs are mixed versions for now (we're working to eliminate the older DCs and upgrade to…
mrwboilers
1 vote, 1 answer

Error: KDC has no support for encryption type

I have intermittent authentication issues on my ubuntu 15.04 servers. Periodically, authentication will just stop working. Eventually it will start working again on its own. Or, if I restart both smbd and sssd it will start working again right…
mrwboilers
1 vote, 1 answer

SSSD - start LDAP-search with logging-in user

Situation today: we've got a functional sssd-config on multiple Ubuntu-clients. This config contains authenticating against a LDAP-server. The SASL-Mech is specified as "gssapi" and uses a krb5-keytab-file. Bombastic feature: the specified user of…
CBuchey
1 vote, 1 answer

Limiting SSH users in LDAP to only one command on an SSH bastion

I have a private network of Centos 7 servers. Each of the servers can only be reached via an SSH bastion. Furthermore, all of these servers use SSSD to authenticate SSH users' keys against an LDAP directory. Because keys are authenticated against an…
StudentsTea
1 vote, 1 answer

Setting shell for SSH directory users on a per-group basis in SSSD

I have a network of Centos 7 machines hosting sshd, each of which is configured to lookup a user's public keys in an LDAP directory for ssh authentication. Furthermore, all ssh users that have access to these Centos boxes are divided into one of two…
StudentsTea
1 vote, 0 answers

pam_access nisnetgroup with nested posixgroup

We have pam_access enabled and correctly allowing/denying users based on the rules in place. One such rule looks up LDAP backed NIS groups: `+ : @hostname-granted : ALL`. Putting tuples in LDAP works for usernames (,test_user,), meaning 'test_user' would…
Ryaner
1 vote, 0 answers

Centos AD Authentication with SSSD, How to add Samba Shares

I've been trying to get this to work reliably for some time. Here's the breakdown: Centos 7 with SSSD auth to Active Directory (fully functional). Here is the sssd.conf file: [sssd] domains = example config_file_version = 2 services = nss,…
Errol
1 vote, 2 answers

SSSD & LDAP authentication

I’m currently working on deploying OpenLDAP and SSSD for authentication. When I try to `id` a user that is stored within LDAP I get the response "no such user". The user has been added to LDAP correctly and I can perform an `ldapsearch -ZZ` and find the…
jamesb7
1 vote, 1 answer

sssd using remote ad servers instead of local ad servers

I am using sssd to join Redhat servers to a windows server 2008 r2 domain. Most of the time things work fine but I have noticed that sssd is trying to reach remote domain servers instead of being aware of the local domain servers and just using them…
1 vote, 1 answer

automate kinit while login using sssd

I've been searching and trying this for a few weeks. What I've done so far: I'm authenticating for login using sssd with ldap. This actually works great! We need to authenticate via sssd with ldap, because the AD is deeply nested. Any other authentication…
cbuchey
1 vote, 1 answer

Sudo Access for Active Directory Groups

I have my Linux machine connected to AD but I am unable to get sudo privileges. I can sign on using AD credentials, but sudo doesn't work. I have looked at everything I can find and everyone says to add the following to the sudoers…
AverageAllen
1 vote, 0 answers

Join Ubuntu 14.04 LTS with Active Directory using realm, sssd and adcli

I'm setting up a new network with a Windows 2012 machine running AD DS. I have several Ubuntu 14.04 I want to join in the domain for authentication. I've managed to do so on one of these servers using realmd, sssd and adcli this was pretty…
KvH