Questions tagged [sssd]

System Security Services Daemon (SSSD): this project provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis for providing client auditing and policy services for FreeIPA, LDAP, and Active Directory.

353 questions
5
votes
5 answers

Filter LDAP user through PAM so it appears to not exist at all

In our corporate environment long ago some wiz decided to put the user "mysql" into LDAP. The account is disabled: $ sudo su - mysql This account is currently not available. ...but its id still exists: $ id mysql uid=2050913(mysql) gid=867(ENG)…
rrauenza
  • 555
  • 3
  • 16
5
votes
2 answers

Overriding Parameters in Previously Declared Puppet Resource

I'm attempting to rebuild nwaller's sssd puppet module to be entirely LDAP based and to be a little cleaner. In it we have a resource defined for each authentication domain of the form define sssd::domain ( $domain = $name, $domain_description…
Scott Pack
  • 14,907
  • 10
  • 53
  • 83
5
votes
3 answers

sssd vs nslcd for RHEL-5/6

We have 50 RH-5 machines and 70 RH-6 machines. I am looking to decide what we should use for LDAP: nscd/nslcd for all RH-5/RH-6 servers nscd/nslcd for RH-5 servers, sssd for RH-6 servers sssd for all RH-5/RH-6 servers SSSD is available on both…
ujjain
  • 3,983
  • 16
  • 53
  • 91
5
votes
1 answer

Troubles with sssd and Active Directory Integration

I have Debian Squeeze and sssd installed. When I try to log in to the server as user 'alexwinner' via ssh I see in the log: (Fri May 11 18:56:03 2012) [[sssd[krb5_child[26281]]]] [get_and_save_tgt] (1): 523: [-1765328360][Preauthentication failed] But…
Alexey Malov
  • 51
  • 1
  • 1
  • 3
4
votes
2 answers

SSSD storing wrong shell in cache

I am using SSSD to authenticate users on Linux against a local Active Directory server (Windows). It works fine, this is my config: [sssd] domains = my.domain config_file_version = 2 services = nss, pam [domain/my.domain] ad_domain =…
Stefan Seidel
  • 722
  • 1
  • 8
  • 20
4
votes
3 answers

How to de-obfuscate sssd.conf password?

I have inherited a number of EC2 instances with Centos that authenticate users against AWS Directory Service through LDAP. Now I need to run some manual queries with ldapsearch using the same account to debug some authentication problems. However…
KeepLearning
  • 665
  • 7
  • 10
4
votes
5 answers

Automatic Kerberos Host Keytab Renewal with SSSD

Has anyone here seen their Linux servers removed from AD domain due to expired machine credentials? We are using AD authentication with sssd-1.13.3-56.el6 (Centos 6) Per "https://bugzilla.redhat.com/show_bug.cgi?id=1290761", sssd should be able to…
BBDG
  • 157
  • 1
  • 2
  • 7
4
votes
2 answers

SSSD AD synchronization fails after Active Directory UPN change

I have recently run into a problem with my AD integration on a number of debian boxes. I use SSSD and krb5 to allow PAM to synchronize and authenticate users against the Active Directory. This has been working for over a year, until the AD…
Martin Nielsen
  • 73
  • 3
  • 12
4
votes
2 answers

id command is not showing secondary groups

For some days I've been working on an LDAP integration. Now, after configuring almost everything that I needed, I came up with this last wall: the need to use secondary groups which are taken from the LDAP server. Behaviour: [root@sr-servicesLin ~]#…
ITPro Guy
  • 43
  • 1
  • 5
4
votes
2 answers

AWS Simple AD: "KDC has no support for encryption type" for users created with adtool, but not with MS Management Console

Background I am trying to log in (via SSH, to an Amazon Linux EC2 instance running sssd) as users that I've created in my AWS Directory Services Simple AD. I am authenticating with kerberos and identifying the user with LDAP (all through…
2rs2ts
  • 325
  • 3
  • 11
4
votes
2 answers

rpm2cpio skips files from RPM

These steps are from a box running CentOS 6.5. I merely tried converting a RPM package to a CPIO archive and was surprised to find files listed in the RPM but absent from the archive. Here are the steps taken. List out paths in the RPM: $ rpm -qlp…
pdp
  • 778
  • 1
  • 7
  • 16
4
votes
2 answers

Linux AD integration, unable to login when using Windows Server 2012 DC

I am trying to integrate my CentOS 6.6 servers into Active Directory. I've followed this guide from Red Hat using configuration 3 (SSSD/Kerberos/LDAP). When using a Windows Server 2008 R2 server as the domain controller w/ IMU enabled, everything…
Python Novice
  • 351
  • 1
  • 5
  • 13
4
votes
2 answers

Apply changes to PAM changes

Does the server or a specific service need to be restarted to let changes to pam files (/etc/pam.d/system-auth) take effect? Longer version: I'm working on configuring SSSD to connect with LDAP for authentication purposes. The system is RHEL6…
omnivir
  • 99
  • 1
  • 1
  • 3
4
votes
3 answers

Multiple Domain realmd/sssd Configuration on RHEL7?

I've configured our RHEL7 instance to support Active Directory login integration by using the documentation HERE. This describes using the "realm" command to configure the "sssd" service allowing for AD Integration. I've used the following commands…
Caesar Kabalan
  • 348
  • 1
  • 4
  • 12
4
votes
1 answer

Fedora 21 pam_sss authentication failure - permission denied

We have configured an OpenLDAP server which is working fine. FreeBSD, Debian, and a WordPress plugin authenticate with no problems. We are configuring Fedora 21 with pam_sss, but we get the following error in /var/log/secure: Mar 1 00:15:00 www…
Joel May
  • 189
  • 1
  • 1
  • 7