System Security Services Daemon (SSSD) - This project provides a set of daemons to manage access to remote directories and authentication mechanisms, it provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for FreeIPA, LDAP, & Active Directory.
Questions tagged [sssd]
353 questions
2
votes
1 answer
Samba Shares Without Using Winbind
I am curious if it is possible to use samba shares without using winbind. In our current environment we are using SSSD, Kerberos, and Samba to complete the required tasks such as joining the windows domain and setting up active directory/LDAP. …
user2104891
- 135
- 2
- 12
2
votes
3 answers
Is anyone using access.conf and netgroup authentication with sssd?
I want to be able to authenticate users (via ssh) to specific groups of hosts based on the users' LDAP netgroup membership. The LDAP server is dsee7. The distro is OEL 6.5 with openldap as the client.
The only account we don't want to authenticate…
mr.zog
- 923
- 3
- 20
- 39
2
votes
1 answer
Login with Enterprise Principal Name using sssd AD backend in Ubuntu 14.04 LTS
I’m running sssd version 1.11 with the AD backend in Ubuntu 14.04 LTS (1.11.5-1ubuntu3) to authenticate users from Active Directory running on Windows Server 2012 R2, and I’m trying to achieve logins with the User Principal Name for all users of the…
Vinícius Ferrão
- 5,520
- 11
- 55
- 95
2
votes
2 answers
Where do I specify the Bind DN and password for sss+ldap?
I'm trying sssd for LDAP authentication, and while it can show user IDs with the id command, getent group and getent passwd do not show LDAP names, and while I can chown files to ldap users, they ls -lah as nobody.
A bit of digging and I found a…
Nick
- 4,503
- 29
- 69
- 97
2
votes
1 answer
What is LDAP enumeration?
I have been working with implementing LDAP in our servers. We are using SSSD instead of nscd/nslcd to communicate with the LDAP server.
One of the options in SSSD is enumeration. Enabling it solved an issue we were having while implementing the…
ujjain
- 3,983
- 16
- 53
- 91
2
votes
1 answer
Identity Management for UNIX Password synchronisation gives warning
I installed "Identity Management for UNIX" on win 2008 r2 active directory. I did this because I wanted to have the unix attributes, so I can link linux computers via ldap to the active directory. I followed this tutorial, which worked fine. But…
Isaac
- 1,215
- 3
- 26
- 44
2
votes
2 answers
Can't add local user on system using ldap auth for samba
Trying to add a local user to a CentOS 6.3 system that is using ldap for Samba authentication, but being stymied by the user's existing entry in ldap.
[root@samba ~]# adduser wchandy
adduser: user 'wchandy' already exists
[root@samba ~]# useradd…
Wes Modes
- 151
- 1
- 1
- 8
2
votes
1 answer
Privilege escalation prevent root directly
I think this is going to be my first post on StackExchange side of the house. However, I know that this has to be able to be configured cause I have seen it implemented previously but I don't actually know how it's implemented.
What I'm looking to…
Maxs728
- 121
- 4
2
votes
1 answer
sssd credential chaching does not work
I set up an Centos7 using sssd as authentication system.
The user identies are provided by files (passwd/group, managed by ansible), auth is done via krb5 (provided by active directory).
The sssd.conf looks like this:
[sssd]
domains =…
HalexMg
- 21
- 1
2
votes
1 answer
Using Samba with sssd
I have an OpenSUSE Tumbleweed server that is part of a Windows domain and uses sssd for user authentication. For ssh this is working fine but I cannot get it to work with Samba. When accessing a Samba share from a Windows client I get asked for a…
uli
- 73
- 1
- 2
- 7
2
votes
1 answer
centos 8 - sssd configuration not fetching shadow contents for ldap user
I have configured sssd on centos 8 and ldap on centos 7. I am able to get details about a testuser using getent passwd and getent group , but while testing it for getent shadow I am not getting any details for the testuser. This is causing login…
Sudip
- 21
- 3
2
votes
1 answer
New users unable to ssh or su
All of a sudden, new users cannot ssh into our ubuntu servers. When attempting, the connection will just close. I tried doing an su with my test user who has never logged into the server before and I get a permission denied. When I do a sudo service…
TL_Arwen
- 89
- 1
- 8
2
votes
1 answer
sssd active directory password integration not working
We are in the process of setting up sssd to be used with active directory using the config below.
We do not use attribute mapping as we want to use attributes defined in the AD ldap objects such as custom uid, unixHomeDirectory and public keys…
ZZ9
- 888
- 3
- 16
- 47
1
vote
2 answers
SSSD, openLDAP, MIT Kerberos: "id username" doesn't find enty in LDAP, but ldapsearch does
I have installed openLDAP, MIT Kerberos and SSD on Debian 10 Systems based on this tutorial Integrated Kerberos-OpenLDAP provider on Debian squeeze.
Each of the three components is on its own Proxmox LXC Container.
ldap: 192.168.1.120 …
user12682985
- 23
- 4
1
vote
1 answer
Configuring sudo on CentOS with LDAP run by Synology Diskstation
I am trying to set up a CentOS 8 workstation to authenticate against a LDAP server run by a Synology DiskStation. I have been able to successfully configure SSSD to authenticate users against the server, allowing me to login using my LDAP account.…
Brad
- 11
- 1