System Security Services Daemon (SSSD) - This project provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis for providing client auditing and policy services for FreeIPA, LDAP, and Active Directory.
Questions tagged [sssd]
353 questions
0
votes
1 answer
Authenticating via SSSD but Unix Auth logs a failure
I have WinAD authentication working on all 20+ of our Debian 11 servers. We also have a handful of CentOS/Rocky servers working correctly.
Login to one of the Debian machines causes the following logs:
Mar 22 07:53:06 pcap-1 sshd[1107]:…

ross
0
votes
1 answer
Nsswitch - sudoers sss vs ldap what am I missing
I'm trying to configure nsswitch to use `sudoers: files sss`, which is the default for a RHEL 9 system; however, this does not work for me, but the following `sudoers: files ldap` does indeed work.
What am I missing for SSSD to work?
I can successfully log into…

N. J
0
votes
0 answers
Why do users in the administrators group not show they are in the group from a sssd joined host?
Noticed that when running `id usertocheck` or `groups usertocheck`, the users in the administrators group did not show that group listed.
Checking on the Windows DC with `net user usertocheck` shows the Administrators group listed.
Performing an LDAP query of…

Dave
0
votes
0 answers
Automatically add LDAP users to a local group
I manage about 100 servers running Alma Linux 9.1, each with multiple users. Historically we've had a single account "admin" that everyone logs into when working on a server. I'm moving us over to individual LDAP users via SSSD but have hit a…

miken32
0
votes
1 answer
SSSD is not creating a krb5.conf file after realm join, not able to `id` domain users, why?
The main problem is after I join the domain, I cannot id a domain user. Be aware I am not rebooting the host, do I need to? I would think I wouldn't need to.
After doing some basic troubleshooting I realized that after I join the domain, I would…

Dave
0
votes
1 answer
Realmd / SSSD Sudo performance issues
I have a bunch of RHEL 8.6 machines and I need user authentication via Active Directory.
I got machines added to the AD domain with Realmd, made user groups, restricted access to user groups and enabled Sudo for those groups.
However, I'm facing some…

unix_ike
0
votes
0 answers
Samba - OpenLDAP authentication issue - Ubuntu 20.04 server
I'll try and be concise:
I'm running an Ubuntu Server 20.04 VM, I've installed OpenLDAP and Samba (this is an assignment, so I'm not worrying very much that both are hosted on the same server for the time being). I set Samba up and create my…

Medb
0
votes
0 answers
sssd password update not working, AD behind firewall
I have a CentOS server in a DMZ joined to my AD with sssd; minimum ports are open in the corporate firewall to allow the authentication, but if the password of a user is updated on the AD, the CentOS server will not update its cache and still work…

mickg
0
votes
0 answers
xrdp no login possible for AD-users
I have set up a Fedora 37 Gnome box, as well as a Fedora 32 Gnome box and a Fedora 37 KDE box (this one upgraded for about 5 years).
All PCs are part of an AD domain; login with AD users on the local desktop works fine, as does login with an AD user via SSH…

Chris9834
0
votes
0 answers
AD joined Linux machine with different suffix
I've been struggling for 4 days and, according to the information I have stated below, I can't access the Linux OS (Debian) joined in AD to users with different UPN suffixes.
What kind of config (sssd, smb or krb5) should I make, can you help…
0
votes
1 answer
Ubuntu 22.04 Active Directory Password Synchronisation
I have Ubuntu 22.04 clients which log in with Active Directory domain accounts (joined domain).
A password policy is active to force a new password every 2 months. The password can be changed on multiple platforms (OWA, MS Teams, TerminalServer).
If a…

M41DZ3N
0
votes
0 answers
sssd/ldap does not authenticate against LDAP
I have configured SSSD with AD as ID and Auth providers. I am not caching credentials, so I expect connections to AD for authentication when I ssh to the host, but I do not see any. The user account is created:
# sssctl user-checks ams
user:…

user2634153
0
votes
0 answers
Active Directory User Accounts not loading environment variables from /etc/profile and /etc/bashrc
I have a Rocky Linux 8.6 server that is joined to Active Directory and I can log in to it with AD accounts. I have also mounted an NFS drive to the server. The home directories for AD accounts have been specified at the mount with the below variable in…

Anas
0
votes
0 answers
Debian with sssd to connect AD user doesn't restrict login against GPO
I've been stuck for 3 days; I'm trying to integrate AD users from my Windows server to a Debian server.
For this purpose I installed these packages on my Debian server:
realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir…
0
votes
0 answers
Password expiration with sssd
I'm trying to configure password expiration warnings and access rejection with SSSD+LDAP by setting the following:
[domain/LDAP]
ldap_access_order=filter,expire
ldap_pwd_policy = shadow
ldap_access_order = …

Rubycon