Questions tagged [sssd]

System Security Services Daemon (SSSD): this project provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for FreeIPA, LDAP, and Active Directory.

353 questions
2 votes, 1 answer

Failed authentication

I am a newbie in this world and I need help. For the past weeks I have been trying to find the answer to my problem, but without success. I am trying to authenticate my CentOS machine against Active Directory (on my Windows Server 2012 machine) via…
2 votes, 2 answers

SSSD fails service discovery for AD Global Catalog despite explicitly defined URIs

I'm running into problems with SSSD and Active Directory integration. My AD is set up with a setup of 9 Domain Controllers, some of which are firewalled and inaccessible for various security reasons. Therefore, service discovery won't work with SSSD.…
John Tabs
2 votes, 1 answer

Some AD Users are missing supplemental groups on RHEL Linux

My organization is trying to join our RHEL/CentOS 7 servers to our Microsoft AD domain. The domain controllers consist of 2x Windows 2008R2 servers and 1x Windows 2016 server. On the Linux side, I'm using realm to join to the domain, which I've…
user436105
2 votes, 1 answer

Tune when sssd goes into offline mode

I have a Linux server with sssd using an LDAP server for the auth backend. The connection to the LDAP server is flaky, so I get authentications which are fine and then suddenly one will take forever and time out, only to be fine the next time it…
Dylan Martin
2 votes, 1 answer

SSSD on CentOS, Active Directory search returns zero results

Basic Info: I'm running sssd (1.13.3-22) on CentOS (6.8) to authenticate with Active Directory (2012). I do not wish to use uid numbers stored in AD, so I have ldap_id_mapping set to true. When I run "id ValidUsername" I get the response "No Such…
Hank Killinger
2 votes, 2 answers

Add all network users to local group for specific hosts in CentOS7

How would I add a network (sssd-ldap) user to a local group? More specifically, how can I add all network users who log into a system to a local group? It doesn't look like authconfig has a setting to add pam_group (unlike pam_access) and pam_group…
84104
2 votes, 2 answers

Can sssd provide cross domain group membership?

How can I make sssd search for group memberships in all configured domains? Given the configuration below, both alice(@bar) and bob(@foo) should be members of testgroup(@bar). However, only alice is considered a member of testgroup by sssd. …
84104
2 votes, 1 answer

IPA users cannot sudo on some machines only, including the IPA server

I'm having trouble with FreeIPA on a few machines. It's been very frustrating to debug so far. Here are the details of the issue. How it manifests: The user can log in just fine to any host, but on some hosts they can't run sudo commands. What i…
Sirex
2 votes, 2 answers

How to add principals to a keytab when using realmd on CentOS

I joined a server to a MS Active Directory using realmd/sssd. I installed Apache with mod_auth_kerb and created a keytab on a Windows server. But I need to add more SPNs to the keytab. I have tried using kadmin, but I get an error: root@server…
Morten Nilsen
2 votes, 2 answers

sssd active directory username same as local user

I have an Ubuntu box set up to log in to AD. I can log in to AD using usernames that do not match local usernames; however, I have a local username that also exists in AD and I want to be able to log in to AD as that user. I have tried user@domain and…
Dercni
2 votes, 2 answers

SL7.1 (EL7.1) realm discover not discovering

Dabbling with joining a SciLinux 7.1 (EL7.1) box to an AD domain running on Windows 2008R2 64bit. Following the Red Hat Enterprise Linux 7 Windows Integration Guide: $ sudo realm discover -v mems.local * Resolving: _ldap._tcp.mems.local *…
joe.smith
2 votes, 1 answer

Joining Linux host to Active Directory fails to update Microsoft DNS

I am joining Linux hosts (CentOS 6) to Active Directory using a special bind account. I've granted delegate permissions to this user and when I join on the default Computers OU, a computer object is created and DNS is updated. Now, I've granted…
Python Novice
2 votes, 1 answer

LDAP authentication - avoid duplicate uidNumber

I have just successfully configured OpenLDAP Users authentication in a single CentOS6 box, based on SSSD. Took some time and many trials, but it's working. Now, I want to start adding users. I'm doing it manually with .ldif files, based on reference…
Zvika
2 votes, 1 answer

'realm join --client-software sssd' on centos-7 joins two realms (one with sssd and one with winbind)

On clean installed centos-7 host: realm join -U foo --client-software sssd AD.EXAMPLE.COM After running realm list output looks initially like this: AD.EXAMPLE.COM type: kerberos realm-name: AD.EXAMPLE.COM domain-name: ad.example.com …
Ben
2 votes, 1 answer

Using sssd ldap access filter DENY based on group?

I am currently using sssd.conf to only allow login for ldap users that are in a specific group. I would like to do the opposite and DENY login based on group membership of a user, while allowing all other users that are NOT members of said group to…
Party Time