System Security Services Daemon (SSSD) - This project provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis for providing client auditing and policy services for FreeIPA, LDAP, and Active Directory.
Questions tagged [sssd]
353 questions
1 vote, 1 answer
How to authenticate to CentOS7 using LDAP if the posixAccount objectClass is unavailable?
Aim: authenticate to CentOS7 using LDAP
Problems
1) User cannot be found
calling ldap_search_ext with
[(&(uid=bla)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][dc=my-domain,dc=com]
2) posixAccount objectClass not…

030
1 vote, 0 answers
SSO Linux and AD Trusted Domain
Having successfully built a one-way trust between 2 AD domains, we can't lookup/id the user in the trusted domain.
Here's our use case.
AD1: dom1.com (Win2k8 R2) - One-way outgoing trust to AD2
AD2: dom2.com (Win2kr R2) - One-way incoming trust…

donc
1 vote, 1 answer
Samba4 share permissions not resolving correctly on server
I'm a bit new to Samba4 and using it as an AD DC. I have a functioning server but seem to be having permissions issues.
Currently, if I create a folder (from Windows) in a Samba share, the permissions on the server (from the command line) are in the…

user2487593
1 vote, 1 answer
Filter getent passwd output with SSSD
I am using ldap_access_filter in sssd.conf in order to limit access to users that are in a specific ldap group. However, when I do a "getent passwd" I still get a full list of the ldap users.
How can I limit the output to only the users of this…

Cobra Kai Dojo
1 vote, 2 answers
Linux-SSSD: always getting incorrect password when su'ing to domain users, but why?
I've built a new Linux environment at my work place.
I've configured sssd and bound it to one of the Active Directory domains of the company.
I can tell that the sssd is partially working, let me show you:
I've cleaned the sssd cache on the local…

Itai Ganot
1 vote, 1 answer
sssd one ldap server for authentication and one for automounting, is this possible?
Says it all in the title really :)
I am looking into SSSD but have a requirement that it must use ldap-1 for user authentication and then get the home directory automount information from ldap-2.
Endless Googling provided me with no definitive…

Matt John
1 vote, 2 answers
Make sssd respect Active Directory nested groups
I have managed to get sssd working and getent passwd *username* as well as getent group returns AD data.
I am now facing a problem with nested groups in Active Directory.
In the AD I have a supergroup for the entire department. This group has the…

Martin Nielsen
1 vote, 0 answers
need help writing puppet module for sssd.conf using Hiera
I need to build a module to manage /etc/sssd/sssd.conf on our Red Hat VMs. The sssd modules published on the forge don't seem to do what I want, nor do I feel like forking any of them.
I want to keep all the configuration data in Hiera's common.yaml…

mr.zog
1 vote, 1 answer
Groups with local and LDAP users
I'm exploring the idea of authenticating users on some RHEL 6.4 boxes using LDAP. I'm using sssd with an LDAP provider, and setting the nsswitch.conf file to use sss for passwd/shadow/group.
How can I set things up so that system users (which don't…

JW.
1 vote, 1 answer
FreeIPA client's sssd not using LDAPS
No matter what I try I am unable to get sssd to connect to my ldap/FreeIPA server via LDAPS/636. Checking debug shows that sssd is showing that it should be using 636... however packet captures and lsof show otherwise.
Client is RHEL6.4, sssd 1.9.2,…

Nick R
1 vote, 1 answer
linux ldap authentication set gid to uid
I'm setting up LDAP authentication with sssd for a Linux server. Everything works fine. However, the users from the LDAP server have a default group User, which is,
uid=10001 (larry), gid= 20001 (User), groups = 20001 (User), 20002 (dev)
I'm…

Daniel
1 vote, 1 answer
CentOS 6 SSSD SSH/Console Login Issues
I'm new to SSSD but I think I've configured it correctly considering id {ldap user} returns the expected uid and gid values for multiple test users. I'm using two CentOS 6.4 servers as test machines. One running ApacheDS and the other SSSD. However,…

james8562
1 vote, 1 answer
How to poll the username, when having the UID?
We're using LDAP with sssd for user management, so our users are not in "/etc/passwd".
Unfortunately, ps just shows the UIDs:
[root@xyz ~]# id jmw
uid=1582(jmw) gid=1582(jmw) groups=1582(jmw), 1000(admins)
[root@xyz ~]# ps aux
[..cutting some…

JMW
1 vote, 0 answers
SSSD, openLDAP and nested groups
I am trying to figure out how to structure my ldap and/or configure sssd to read membership of nested groups.
Something like this works for normal group membership:
DN: cn=server-admins,ou=Groups,dc=example,dc=com
groupOfNames…

fussedAs
1 vote, 1 answer
List kerberos tickets, expiration details with SSSD/realm
tl;dr - how do I check details of users' kerberos tickets to confirm they are being renewed as I've sought to configure, using realm or sssd (no klist installed)?
Hi - I'm on a Debian 11 system which is AD/domain joined with some mix of SSSD and…

bikeactuary