System Security Services Daemon (SSSD) - This project provides a set of daemons to manage access to remote directories and authentication mechanisms, it provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for FreeIPA, LDAP, & Active Directory.
Questions tagged [sssd]
353 questions
0
votes
1 answer
Moving from nslcd to sssd on Red Hat to solve NSS MD5 issue
I have a problem with the latest version of Red Hat, nss/nscd does not accept MD5 certificates.
Because of recommendations I am replacing nscd with sssd with this howto…
ujjain
- 3,983
- 16
- 53
- 91
0
votes
1 answer
CentOS 6.4 SSSD + GDM problems
I'm having an issue where using SSSD it will not bring up a full desktop when using GDM. It seems to get to where it appears to be loading the desktop, then X crashes/stops then reloads GDM.
If i login via SSH or console, it works fine, i can even…
Steve Butler
- 1,016
- 9
- 19
0
votes
1 answer
Fedora 389 ds sasl mapping issue?
I have a fedora client that is authenticating to a centos server running 389 ds and kerberos
I can run kinit on the fedora client successfully and get a ticket, but no matter what I try I just cannot authenticate with kerberos to…
red888
- 4,183
- 18
- 64
- 111
0
votes
0 answers
nfs4 idmapping with sss
We have a Dell enterprise file server that implements NFS4 ACLs.
I can mount a NFS4 directory and nfs4_setfacl and nfs4_getfacl work correctly. Unfortunately, I am unable to get an ls listing to work correctly.
I've enabled id mapping:
echo 0 >…
gerard
- 293
- 2
- 7
0
votes
0 answers
Linux login using active directory domain with two-way trust
I don't have much experience in linux tools for infrastructure and authentication with Active Directory.
I'm trying to set up authentication via AD on Ubuntu 22.04.
The structure we use is as follows:
we have a local AD with windows server 2019, I…
0
votes
0 answers
Using shadow password from LDAP while using SSSD for identity
I'd like to use SSSD ldap as a provider for shadow entries. It seems to be supported, given the default config with sssd installed adds sss to both passwd and shadow in nsswitch.conf, but I can't get the shadow entries.
Testing getent passwd myuser…
viraptor
- 1,296
- 6
- 21
- 41
0
votes
0 answers
How to synchronize OpenLDAP and Samba4?
I have a samba 4 domain with internal LDAP. Now the need arose to copy OpenLDAP users and passwords to this domain. This copy must be made synchronously every time there is a change in OpenLDAP. Reading some links, I understood that copying the…
campos
- 17
- 3
0
votes
0 answers
SSSD LDAP CONFIGURATION
I am trying to configure ldap on port 636 on a redhat server. Right now, when I try the following command :
netstat -antup | grep -i 636
I get
tcp 0 132 IP_ADDRESS_1:40670 XX.XX.XX.XX:636 ESTABLISHED XXXXX/sssd_be
Is there a…
0
votes
0 answers
SSSD Active Directory login on Ubuntu server closes connection on first login
We have configured some new Ubuntu VMs to use our Active Directory via sssd, but I am experiencing problems:
When logging in via ssh with password-based authentication, it asks for my password, then immediately closes the connection. If I repeat the…
Taxel
- 111
- 3
0
votes
1 answer
ldap_group_search_base is not working as intented
I've used the below-given sssd.conf file to authorize the users to a server. The issue is some users who are not listed under the DN: cn=authorized,ou=rona,ou=servers,ou=groups,dc=yolo,dc=com still can access it.
Users are created here…
0
votes
0 answers
detect when sssd connects to the ladp server and finds a specific group in boot
I am looking to find a way so when system is booting , i can detect when sssd connect to LDAP server and finds a specific group then reload the systemd-udevd.
i actually want to automate all of these steps.
does any one have any idea?
bani
- 1
0
votes
0 answers
ldap+sssd on SuSE shows only local users
Problem: Not able to list ldap users.
Hello,
I am setting up new LDAP authentication on our SuSE 12 test system. I am a LDAP newbie and following the instructions from the site https://www.port389.org/docs/389ds/howto/quickstart.html
I have…
Sachin H
- 11
- 2
0
votes
1 answer
Failed to join a computer to samba domain (Zentyal) - Couldn't join realm: Insufficient permissions to join the domain
I'm relatively new Zentyal user (few months), and I love it! But I've ran into a problem I hope someone can help me with.
In my deployment I have two Zentyal servers (zentyal-1.mydomain.com and zentyal-2.mydomain.com), both running "Domain…
Aleksandar Pesic
- 259
- 2
- 4
- 9
0
votes
1 answer
sssd.service restarting every 1 minute 50 seconds
I have 5 workstations that have been joined to a freeipa domain. I've noticed some weird authentication related issues on 3 of the workstations. I've discovered that all 3 workstations will restart their sssd service at almost the exact same time…
dutsnekcirf
- 249
- 2
- 4
- 16
0
votes
1 answer
Filter groups that SSSD receives from AD server
We've got two Ubuntu 22.04 servers that use Kerberos and SSSD to authenticate users against an AD server. This works great.
The servers also have a GlusterFS volume that holds the user's home directories. In principal, this works great also. Unless…
user7037
- 1