System Security Services Daemon (SSSD) - This project provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for FreeIPA, LDAP, & Active Directory.
Questions tagged [sssd]
353 questions
0 votes, 0 answers
OEL 8.3 SSSD AD Login issue
I am running Oracle Enterprise Linux 8.3. I am able to join my AD domain with an admin account, but when I try to log in to the server using the same credentials that I used to join the server to the AD, I am getting incorrect password.
Jun 24…

Keven Jones
0 votes, 1 answer
pam_sss(crond:session): Request to sssd failed. Public socket has wrong ownership or permissions
We have Active Directory authentication with SSSD on a CentOS 7.5.
Starting from today users are unable to log in. When they try, they get:
/usr/bin/id: cannot find name for group ID xxxxxxxxxx
I looked into /var/log/secure:
pam_sss(crond:session):…

Alby11
0 votes, 1 answer
SSSD integration with Ldap Error 'Could not start TLS encryption. TLS: hostname does not match CN in peer certificate'
We are currently using Wildcard certificate with SAN. I can successfully run ldapsearch from my client machine when I added TLS_REQSAN allow in openldap configuration.
Now I'm trying to integrate SSSD with secure LDAP but getting the below…

Jos
0 votes, 1 answer
how to export permissions/ACLs from Samba share to clients?
I have a Synology NAS running Samba that serves up shares in my network. I've set up autofs, LDAP and sssd and can mount Samba home directories on the fly when I log into Linux and MacOS machines.
My shares on the NAS are on an Ext4 volume, i.e.…

Stephen Winnall
0 votes, 1 answer
RedHat 7: Is there a way to remove AD support from sssd?
We are a RedHat only shop. No Windows machines. All of our hosts authenticate with ldaps (636).
Recently, there was a CVE about a Samba issue with Active Directory. CVE 2020-1472
We have absolutely no need at all for Active Directory connectivity.…

Scottie H
0 votes, 1 answer
CentOS 8.2 LDAP client configuration
I'm trying to configure an LDAP client on a CentOS 8.2 machine, using SSSD.
The server doesn't use TLS or SSL.
I have modified the following configuration files :
/etc/sssd/sssd.conf
[sssd]
config_file_version = 2
services = nss, pam
domains =…

antoineh
0 votes, 1 answer
How can I disable users in "domain admins" group from running sudo?
Hi we have a large company and have some Domain Admins who belong to the "domain admins" group.
id myadminuser
groups=101010(domain admins),
I was surprised by default that the sudoers %admin group (If I understand correctly), extends to users in…

bluesquare
0 votes, 0 answers
CentOS sssd: How to allow specific AD security group with space in the name to login while deny everything else?
People,
In CentOS v8 sssd: How to allow specific AD security group with space in the name to log in while denying everything else?
The AD security group is Domain Admins
I have tested the id but nothing is working:
[root@PRDLINUX01-VM ~]# id -g…

Senior Systems Engineer
0 votes, 1 answer
how do I change realm login format in sssd?
I'm trying to figure out how to change my realm login format to allow for lowercase but currently it just seems to work with uppercase?
realm list
domain
type: kerberos
realm-name: domain
domain-name: domain
configured: kerberos-member
…

Andrew
0 votes, 3 answers
Why does sssd return SID numbers instead of group names on Ubuntu?
I'm trying out sssd to use krb5 for authentication on a Ubuntu 18.04 host and can't figure out how to show the actual user groups (groups shows some sort of Windows SID instead of human readable names). The primary group looks ok (Domain Users...)…

Server Fault
0 votes, 1 answer
FreeIpa. How to setup specific shell only on 1 host for group of users
I'd like to set a specific shell for a group of users on only 1 host. In my environment FreeIPA is already installed. In FreeIPA I can change the shell for all my hosts, which is not my requirement.
0 votes, 1 answer
ubuntu - sssd - unable to login when system partition is full
We have many Ubuntu servers that are joined to Active Directory using sssd.
However, domain users are unable to login when the root partition reaches full capacity.
After some research I found the following thread:…

GKman
0 votes, 1 answer
Superuser unable to change password of user on LDAP server
Just set up an LDAP server (sun) running Ubuntu 20.04 following the guide on Ubuntu Server Docs with TLS enabled with a bunch of users, groups, and automounts in database. Several clients (here: seca) running Ubuntu 20.04 use the server for…

marz_cyclone
0 votes, 1 answer
Failing getent groups fail but getent passwd works
I have an AD server running on Server 2019. I just set up a Linux box and configured Samba; for some reason I can't get getent group "domain admins" to show anything. If I do getent passwd Administrator it does work, and wbinfo -u or wbinfo…

Stanl l
0 votes, 1 answer
Linux/Ubuntu - Use AD groups in Ansible before the computer is on the domain
TL;DR How do I reference an AD group for folder permissions before my computer has joined the domain?
I'm setting up an Ubuntu system to interface with the org's Active Directory. I've read that private groups on the Linux machine is not the best…

Black Dynamite