System Security Services Daemon (SSSD) - This project provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis for providing client auditing and policy services for FreeIPA, LDAP, and Active Directory.
Questions tagged [sssd]
353 questions
8 votes, 4 answers
Which ports are required in order to authenticate against a ldap server in another domain which is behind a firewall?
I have a Linux domain running with sssd, let's call this domain NJ.
I'd like machines on the NJ domain to be able to authenticate against an Active Directory ldap server which resides on a different domain (called NY) which is behind a…

Itai Ganot
7 votes, 1 answer
Is it possible to use Kerberos over TLS through sssd?
Background
I am trying to log in (via SSH, to an Amazon Linux EC2 instance running sssd) as users that I've created in my AWS Directory Services Simple AD. I am authenticating with Kerberos and identifying the user with LDAP (all through sssd.) I…

2rs2ts
7 votes, 1 answer
Refresh ldap client configuration Centos
Recently we changed the IP address (and added some groups) of our LDAP server (running in Suse Enterprise), so we should also change the LDAP authentication configurations for all the servers that we have.
Most of the servers are on Centos. We modified…

deleted
6 votes, 1 answer
Configuring Sudo using SSSD
Trying to log in to Linux systems using a Windows AD account. Configured successfully using SSSD.
Used LDAP as Identity & Access Providers and Kerberos as the Authentication provider.
I have done all this without joining the Linux systems to the…

Uday
6 votes, 2 answers
Q: RHEL, SSSD, Active Directory
Good afternoon folks. I've been perusing various posts already about getting linux systems to authenticate using AD, but haven't seen anything approaching what I'm beating my head against.
There's a lot of setup here, so please bear with me.
First…

Kill Dash Nine
6 votes, 3 answers
Do Linux servers using AD/Kerberos for authentication/authorization need computer accounts?
I am confused about whether Linux servers using Active Directory (AD) and Kerberos need computer accounts created?
Does the Linux server as a machine need to join an AD domain and in doing so have a computer account to have…

Padge
6 votes, 1 answer
SSSD process won't die
Thanks for taking the time to check out my problem.
I'm currently working on an issue that has only appeared once before. Back on Jan 3rd when this first appeared we were able to reboot the server and everything seemed fine, but now it is back.…

omnivir
6 votes, 1 answer
Configuring Synology NAS as freeIPA client
I'm attempting to deploy freeIPA in my company.
The network is quite simple:
< 10 FC20 (and FC21 beta) desktops
< 5 FC20 servers (including the one with freeIPA)
1 Synology NAS DS1813+ (DSM 5.0)
I am first simulating everything on VMs (including…

cornuz
6 votes, 2 answers
How do I get CentOS 7 to use UIDs and GIDs from Active Directory?
I'm preparing for an eventual upgrade from CentOS 6 to CentOS 7. Right now, in version 6, we just use LDAP mapped to AD for authentication. This then uses the UID and GID from the Active Directory extension for Unix.
In my experimentation with…

mrwboilers
6 votes, 1 answer
Understanding PAM authentication procedure on FreeBSD with security/sssd
I'm trying to understand what's behaving errantly on my PAM configuration on FreeBSD 10.0
The machine is configured with two different authentication realms, one is the default Unix authentication and the other one is using the System Security…

Vinícius Ferrão
6 votes, 4 answers
FreeIPA: prevent local root accessing user accounts
So after asking this question, I've been test-driving FreeIPA as a central authentication source based on this question: Managing access to multiple linux system
One problem I ran into is that if a user is given local root permissions, they can in…

Swartz
6 votes, 3 answers
SSSD ignoring ldap_access_filter
I've set up sssd and LDAP. Users authenticate and log in. My problem is that sssd seems to ignore the ldap_access_filter option and allows all users to log in. I've examined the logs/debug and pam_sss authorizes the users every time regardless of…

lmickh
6 votes, 4 answers
kinit & pam_sss: Cannot find KDC for requested realm while getting initial credentials
I have a very similar problem as described in this thread on CentOS 6.3 authenticating against a 2008R2 AD DC.
Here is my krb5.conf, I know for a fact that XXXXXXX.LOCAL is the true domain name:
[logging]
default = FILE:/var/log/krb5libs.log
kdc =…

Sauraus
5 votes, 0 answers
SSSD does not return full list of users in groups
We've set up a working SSSD+Samba+Krb5 bundle to authorize domain users on Linux machines. Authorization works fine, but getent group EXAMPLE doesn't return the full list of users in a group. Whereas id command shows that specific group, to…

Max Shepelev
5 votes, 2 answers
OpenLDAP/SSSD Automatically Add User to Local Group
I've got a host of servers running various flavors of Linux all set up as OpenLDAP clients via SSSD. I added an LDAP group (sysadmins). I also added a sysadmins group on all of my servers. The members of the sysadmins group will change over time.
How…

Ken J