System Security Services Daemon (SSSD) - This project provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis for providing client auditing and policy services for FreeIPA, LDAP, and Active Directory.
Questions tagged [sssd]
353 questions
3
votes
2 answers
Required permissions on AD user objects for SSSD?
I was experiencing major issues with SSSD today where newly created users were unable to logon. After troubleshooting I found that the issue was in the AD user object security permissions. Seems like someone from my team recently changed the…

willemdh
3
votes
3 answers
How to change from the default shell authenticating using SSSD/AD
Within the sssd.conf file, does anyone know what the syntax should be to allow me to switch between different login shells?
Thanks
example@example.com:~$ chsh -s /bin/zsh
Password:
chsh: user 'example' does not exist in /etc/passw

d3code2016
3
votes
1 answer
SUDO keeps prompting for password when using SSSD with AD
Hi, I am trying to set up SSSD to authenticate to AD on RHEL.
I am able to log in with my AD user and password and see my groups when I run id. But when I try to use sudo, it just keeps prompting for my password (Sorry, please try again). Any ideas…

CodyK
3
votes
2 answers
SSSD Kerberos AD Centos troubleshooting
I followed the Configuration 3 from the RedHat AD integration (https://access.redhat.com/sites/default/files/attachments/rhel-ad-integration-deployment-guidelines-v1.5.pdf); but I am stuck.
I am on Centos 6.8.
I have a working AD connection:
…

Rob Audenaerde
3
votes
2 answers
sss_cache keeps looking for a LOCAL domain, not purging LDAP records
I've added a user to a group in LDAP. The user shows up in ldapsearch. However, the user does not show up when I list group members on my RHEL instance using getent group my_group.
Am I correct in assuming that this is because SSSD caches group…

Leo
3
votes
3 answers
Unable to join domain using samba tool net or realm/sssd
On a rhel7 server I am trying to join the server to a domain, but I am getting the following failure:
net ads join -S domain.example.org -U name
Enter name's password:
Failed to join domain: failed to set machine kerberos encryption types:…

aseq
3
votes
2 answers
List of packages for RH 5.x
I need to install SSSD onto some of my client's servers, but a few of them are pretty old. Is there a list of all of the packages in the repository for a specific release of redhat?
Specifically I need to see what is the newest version of SSSD that…

AverageAllen
3
votes
0 answers
LDAP with SSSD: force user to change password - 'ShadowLastChange' not working
I have CentOS6, with LDAP user authentication, using OpenLDAP and SSSD. I'm trying to force the user to change the password. According to this ServerFault question I tried to set ShadowLastChange to 0, but it just seems to be ignored when the user…

Zvika
3
votes
3 answers
Linux: sssd cache not being cleaned upon server reboot, what could be the cause and how can it be changed?
I'm using sssd in order to work with LDAP users and groups within our Linux environment.
I had to rename the LDAP group of one of my Linux users and I noticed that after I finished editing the group, when I ran:
id username on the Linux machine it…

Itai Ganot
3
votes
4 answers
vsFTPd authenticating with SSSD
I am currently trying to set up an FTP server that authenticates through Active Directory using SSSD.
My config files are as follows:
/etc/vsftpd/vsftpd:
[root@StudentOrgFTP vsftpd]# cat…

Jeremy Spencer
3
votes
2 answers
Cannot authenticate in Active Directory using security/sssd from FreeBSD ports
I'm trying to implement security/sssd port in a FreeBSD 10.0 system. My main goal is to authenticate users from Active Directory running on Windows Server 2012 R2.
I would like to know if anyone had success using this port (or package). I can't even…

Vinícius Ferrão
3
votes
2 answers
Linux nested groups with winbind
We have several RHEL6 servers connected to Active Directory using winbind. All servers are configured identically using a configuration management tool. Servers however produce different results when querying groups using the groups command and/or…

Antitribu
3
votes
1 answer
Prevent sssd from using ldap to authenticate or id specific users for chef
I'm trying to use chef to add/modify a few local user accounts. For whatever reason there are duplicate accounts in LDAP. Since the system uses sssd/pam/ldap, it sees the user as existing, but is unable to modify them because they are not in…

lmickh
3
votes
1 answer
What to do when local usernames conflict with network usernames
We use Puppet to manage our Linux desktop machines and SSSD to authenticate our users against a central authentication system. Recently when setting up a few new machines we found that puppet was halting in the middle of installing software…

OEP
3
votes
1 answer
SSSD installation directory is empty
When I try to install SSSD using yum install sssd, the terminal writes that installation completed fine, but when I try to service sssd start it writes
sssd: unrecognized service
Then when I attempt to start it using /etc/init.d/sssd start I get an…

MyTitle