System Security Services Daemon (SSSD) - This project provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis for providing client auditing and policy services for FreeIPA, LDAP, and Active Directory.
Questions tagged [sssd]
353 questions
4
votes
6 answers
Pursuit of True Active Directory Integration
Before you laugh at me and say, "If you want Active Directory, use Windows" or tell me to use Google, hear me out.
My company relies very heavily on AD. Nay, we are married to it at this point, and as a Fortune 10 company, that's not changing.…

Arthur Sommers
4
votes
3 answers
Linux / AD integration with SSSD: how to choose what systems a user can log into?
We are trying out Active Directory integration on some Linux systems with SSSD.
So far so good: we joined the Linux systems to the domain and we can log into Linux systems with AD-defined users. Right now every AD user can log into every Linux system…

Luke404
4
votes
4 answers
How to reset Keytab for FreeIPA Server and Client
I followed the standard documentation to install FreeIPA server and client on hosts 'SRV' and 'CLT' respectively.
I then added a user 'X' to FreeIPA using Web UI.
Now when I try to SSH as X to CLT, I get a 'Permission denied, please try again.'…

Quest Monger
4
votes
2 answers
LDAP Client Authentication using SSSD: Groups issue
I have been able to set up 389 LDAP server and SSSD client authentication. However, whenever I log in using an LDAP user, after each login it displays the error
ttt@dsl's password:
Last login: Thu Dec 6 12:52:06 2012
id: cannot find name for group ID…

chandank
4
votes
0 answers
How can I authenticate users inside a Docker container against the host system's SSSD which itself retrieves user data via LDAP?
I have a container host on which users are authenticated against a company Active Directory using SSSD with LDAP. On this host I have several docker containers running. Some of these containers just need to recognize the users (like e.g. the "id "…

JoHe
3
votes
0 answers
SSSD - Server not found in kerberos database
I've been trying to set up SSSD on a CentOS 7 machine to join with a Windows AD for user management.
I've managed to get Kerberos working independently of this setup, using LDAPS as the transport protocol. I have also successfully joined the machine…

lgg
3
votes
0 answers
Is there any way to get an AD bound Linux system to mount home directories from a Windows server?
We've been experimenting with integrating Linux systems into what is largely a Windows domain, with a Windows-based Active Directory server. After considerable trial and error, we have successfully configured sssd (on RHEL, CentOS, and Ubuntu) to…

pgoetz
3
votes
2 answers
SSSD LDAP authentication using two different LDAP servers
I am trying to set up LDAP authentication using SSSD on CentOS 7.
Is it possible to set up SSSD in a way that it uses two LDAP servers: one LDAP server is used just for authentication (basically just to authenticate with the password) and other…

Mr. White
3
votes
1 answer
SSSD Sites with Active Directory
I am a Windows admin who manages our AD infrastructure. Our Linux team have been building some CentOS 7 VMs and configuring them to use SSSD to join the domain.
The initial config was querying a DC in a different site (not domain as previously…

neildeadman
3
votes
0 answers
CentOS 7 SSSD based user access stops working after AD password change
We use SSSD to provide AD authentication, and Kerberos TGT acquisition, on CentOS 7.3 build 1611.
This works correctly for 99% of users most of the time, but we've hit an issue where post-password change (via Windows PC), a single user can no longer…

SiCole99
3
votes
3 answers
ID mapping with SSSD and SMB
I'm trying to get a samba share working with correct IDs on Windows (SID) and Linux (uid/gid) clients. The problem is that the uids and gids are not properly mapped back to SIDs and SIDs are not resolved to names. What could lead to this problem and…

Sethos II
3
votes
1 answer
Kerberos "Server not found in kerberos database" using SSH and -K Flag to Linux Machine joined to AD
I have a situation where I am attempting to take advantage of GSSAPI (Kerberos) forwarding to connect to another Linux server that is also joined to a Windows AD and using SSSD.
The Linux machines are joined to the domain using a different machine…

Thomas Farvour
3
votes
2 answers
Unable to log in with SSH after configuring LDAP authentication
I have a CoreOS server which I connected to my LDAP server. I get a correct answer after using id and ldapsearch commands. However, I am still not able to log in with SSH.
I can see on sssd_LDAP.log file that the server has received the request to…

Omri
3
votes
1 answer
Should SSSD perform AD access validation for matching local users?
I have been spending many, many happy hours exploring the sssd configuration needed to integrate RHEL7 and Active Directory. A large portion of those have included looking through the many posts here on SSSD and AD integration, particularly to do…

gScott
3
votes
2 answers
SSSD Kerberos Authentication vs AD
I am trying to set up SSSD to authenticate to AD, and want to do it in the most secure way possible. I noticed when setting auth_provider = ad, port 389 is open. We have firewall rules in place that are blocking port 389. Setting ldap_service_port = 636 did…

CodyK