Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [sssd]

System Security Services Daemon (SSSD) - This project provides a set of daemons to manage access to remote directories and authentication mechanisms, it provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for FreeIPA, LDAP, & Active Directory.

353 questions
1
vote
1 answer

ldapclient authentication with sssd

All, i'm stuck with ldap client and sssd authentication. i started sssd in debug mode and it says [sdap_get_users_done] (0x0040): Failed to retrieve users is posix account mandate for linux authentication against LDAP server? i dont see…
snehal s
  • 179
  • 1
  • 3
  • 8
1
vote
0 answers

Ubuntu 18.04 Server Join Domain LDAP DNS Confusion

I have a domain setup with mixed systems. It's running Win2k16 server. Some clients are Windows and some are Linux. Most Linux clients are Ubuntu servers, in this case an 18.04. The Ubuntu 16s I have setup with an older winbind join are functioning…
Will
  • 111
  • 1
1
vote
1 answer

Centos 7 joined to AWS simple ad but can't query users

For the love of all that is holy - been at this for a solid 12 hours straight. I've added my centos machine to my simple AD service in AWS. Following the steps outlined here…
Sim
  • 111
  • 4
1
vote
1 answer

Authenticating Linux Login against Active Directory (AD) without Joining Linux Machine to AD Domain

I have a conventional Active Directory Infra deployed on Windows VMs on Azure. There is no Integration of this convention AD with Azure AD. I want Linux VMs on Azure with SLES 12 SP3 to authenticate against our conventional AD setup, without needing…
The Bahree
  • 23
  • 1
  • 7
1
vote
0 answers

SSSD Default Domain Suffix no longer works

We have several EC-2 instances in an IPA domain with a trust relationship to our Active Directory Domain. On older instances ssh doesn't require the domain suffix from a Windows machine. But on newer instances the username is invalid and only works…
Juna
  • 11
  • 3
1
vote
1 answer

Can I disable dynamic dns update during "realm join"?

When (re-)joining an EL7 system to the AD domain, something somewhere issues a dynamic dns update for $FQDN. How can I suppress that? The sssd.conf itself is pre-populated with [domain/ad.example.com] dyndns_update = false dnydns_iface = eno1, eth0,…
bgStack15
  • 1,111
  • 1
  • 12
  • 23
1
vote
1 answer

mounting DFS filesystem with remote shares in it on Arch Linux

I have laptop joined to domain AAA. Have two DFS namespace servers which are also AD DC with Win Server 2012 R2. NAS is Synology server with CIFS enabled/domain joined. Servers: dc1.domain1.local - ip 10.8.0.3 dc2.domain1.local - ip…
pszafer
  • 131
  • 4
1
vote
1 answer

Kerberos delegation with Apache, SSSD and FreeIPA

Let me start from describing my real goal, because I am not sure that I am trying to solve it in a proper way =) I am simply trying to make my web application obtain Kerberos credentials on behalf of the user who logs in. The webserver is part of my…
Dmitry Perets
  • 133
  • 4
1
vote
1 answer

How do I authenticate against ldap.google.com?

I've set up SSSD and openldap to successfully query ldaps://ldap.google.com. I can use ldapsearch to perform queries and can interact with the directory using both sssctl and getent. Unfortunately all my attempts to authenticate as a user in the…
bfallik
  • 121
  • 1
  • 2
1
vote
0 answers

Authentification with other user than root using keyfile-authentification on ubuntu machine

I tried to add a user which is able to authentificate using the keyfile authentification method to authentificate on a linux ubuntu machine. I tried now 2 full days but I failed to set this up. Here is what I've done so far: I added a user…
Oscar Schreyer
  • 11
  • 2
1
vote
1 answer

SSSD with e-mail address LDAP usernames

I have a small SFTP server setup using SSSD to authenticate users via LDAP using SSH keys. This works completely fine for basic usernames (i.e "ausername") but I've been requested to make a change so users login with their email addresses instead,…
Ashley Kell
  • 21
  • 4
1
vote
0 answers

How to set up System Security Services Daemon(SSSD) to authenticate users against Azure Active Directory

I have set Azure Active Directory(AD) up and running along with Azure AD Domain Services in which a single domain with secure LDAP is configured. On a Linux server, I have tested whether it can communicate with the AD by ldapsearch command and it is…
d-_-b
  • 153
  • 1
  • 7
1
vote
1 answer

Authentication with SSSD

I'm currently working on a project in my internship at an organisation, and it is honestly a bit of challenge, so I hope you guys can help me out. Background: The organisation I'm working in has a production environment of 120+ servers, mostly…
Frisbee57
  • 27
  • 1
  • 3
1
vote
1 answer

SSSD: How to force users in different groups use different shells

I have an Active Directory working as id, access and auth provider for my CentOS 7 servers using sssd. I have been following this post in order to have users from different groups use different shells as they login but I have some issues. Here is my…
Edgar Sampere
  • 85
  • 1
  • 9
1
vote
0 answers

Graceful 'Access denied' message when SSH to a server protected with SSSD fails

I'm using SSSD on Ubuntu for authn/authz. This works great, but I am getting a "Server unexpectedly closed network connection" when I try to SSH to the box with an unauthorized user. I can log in successfully with an authorized user, and I can get…
robbie
  • 111
  • 2
1 2 3
23 24