Questions tagged [sssd]

System Security Services Daemon (SSSD): this project provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis for client auditing and policy services for FreeIPA, LDAP, and Active Directory.

353 questions
0 votes, 2 answers

for , Cannot decrypt ticket

After reinstalling FreeIPA server and client(s), one client refuses to authenticate. $ ipa user-find properly list users I can kinit user successfully. ipa server krb5krc.log krb5kdc[4425](info): AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18),…
tmdag
0 votes, 1 answer

Can't authenticate against a 389DS server. I suspect it's a SSSD issue on client side

I'm running a 389DS LDAPS server (with self-signed certificates) on a Fedora 30 remote machine called "miservidor.midominio.local". There I have a typical directory containing user and group entries. I can retrieve directory data from another…
Osqui
0 votes, 1 answer

Authenticate with SSSD in multiple domains in Ubuntu 18.04

I was able to successfully follow this document to get sssd to work with my Active Directory domain, but I was sad to learn that sssd does not support authenticating with external trusts. I read that you can actually join multiple domains with the…
tacos_tacos_tacos
0 votes, 1 answer

Why do all groups show all users as members with Google Secure LDAP?

After enabling and configuring SSSD to use Google's Secure LDAP service, when queried via getent group, all G-Suite groups show all G-Suite users as members: $ getent group admin admin:*:202851646:muru,user1,user2,.... $ getent group…
muru
0 votes, 1 answer

Use shell if defined in LDAP, otherwise default

How should /etc/sssd/sssd.conf file be configured to use the shell defined in LDAP and the default one if the variable is not defined in LDAP?
0 votes, 2 answers

sssd dynamically update DNS

I am trying to figure out how to get SSSD to dynamically update DNS for different domains on a per NIC basis. For instance if I have a server named host.corp.example.com that has 2 NICs. I would like the first NIC to use DDNS to update NIC1's DNS…
Michael Moser
0 votes, 1 answer

Convert Samba Active Directory to sssd instead of winbind

I've inherited a Samba 4 Active Directory (AD) server. It works fine with winbind, however for security reasons we'd like to change to sssd. The domain has two domain controllers (primary and secondary) both online. I've created a test client…
BurningKrome
0 votes, 1 answer

SSSD Based on KDC and OpenLDAP?

I've installed a MIT KDC instance backed by an OpenLDAP instance, all running on RHEL 7. I'm wanting to configure SSSD to pull users and groups from this combination, but I'm running into a lot of issues, since most documentation assumes AD. The…
Dave McGinnis
0 votes, 1 answer

changing password - issue with ldap update

I have set directory 389 and 1 server to be client for testing authentication of users, etc. For installation of Directory I have used this tutorial: Install And Configure LDAP Server In CentOS 7 For installing client I have used this tutorial: How…
dovla110010101
0 votes, 1 answer

CentOS 7 SSSD LDAP against Windows Server DC fails to authenticate

I'm having an issue for authenticating via LDAP from a CentOS 7 machine to a Windows Server 2012 R2 DC via SSSD. Linux WS100 3.10.0-957.10.1.el7.x86_64 #1 SMP Mon Mar 18 15:06:45 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux ldapsearch can successfully…
0 votes, 1 answer

How to mount CIFS shares in Linux without password, using domain credentials?

I have Ubuntu 18.04 and CentOS 7 boxes, they are members of Windows domain (using sssd). Linux users need to mount CIFS shares from domains fileservers. What should be done in order to provide passwordless mount, using Kerberos? (I see a similar…
0 votes, 1 answer

How to install sssd in Alpine?

I want to install sssd in an Alpine-Linux container. I know that Alpine uses apk add to install packages but apk add sssd yields no results. Yet the package seems to exist: https://pkgs.alpinelinux.org/package/edge/testing/x86_64/sssd
Fang
0 votes, 1 answer

SSSD: id doesn't display group names for subdomain (child trust)

In dev environment, with SSSD 1.16.2 (release 13.el7_6.5) on RHEL 7.6. SSSD is configured to request on mch.dev domain. Trusted subdomain sub.mch.dev exists (Win2k16). On mch.dev, I have a user 'user1' in Universal groups 'G_TEST' and 'allowed_ssh'.…
user5525652
0 votes, 1 answer

How do ssh logins with Kerberos authentication exactly work from every client while Kerberos uses mutual authentication model?

I have my system authentication managed with SSSD which uses Kerberos. As Kerberos supports mutual authentication model i.e., both client and server should support Kerberos, how exactly does SSH to the server work from any client like putty or…
GP92
0 votes, 4 answers

Get fullname by username using SSSD

The OS uses SSSD to authenticate users via LDAP. It has no X server running. I can run id to get the uid of the user. And the users can login to the system and their full name is displayed. Is there a way to get the full name or display…
Michael