: Re: [SSSD] problem with AD nested group expansion, maybe?
On Wed, Dec 04, 2013 at 09:24:58AM +, greg.lehm...@csiro.au wrote:
-Original Message-
From: sssd-devel-boun...@lists.fedorahosted.org [mailto:sssd-devel-
boun...@lists.fedorahosted.org] On Behalf Of steve
Sent
On Wed, 2013-12-04 at 09:19 +0100, steve wrote:
Hi
We have similar (nothing deep) nesting and had similar issues on
openSUSE with 1.9.5. It seems to be fixed on 1.11.x. It's a real pain to
build and install but you could do us all a big favour by putting
pressure on SUSE to get up to date
-Original Message-
From: sssd-devel-boun...@lists.fedorahosted.org [mailto:sssd-devel-
boun...@lists.fedorahosted.org] On Behalf Of steve
Sent: Wednesday, 4 December 2013 6:20 PM
To: sssd-devel@lists.fedorahosted.org
Subject: Re: [SSSD] problem with AD nested group expansion, maybe
-Original Message-
From: sssd-devel-boun...@lists.fedorahosted.org [mailto:sssd-devel-
boun...@lists.fedorahosted.org] On Behalf Of steve
Sent: Wednesday, 4 December 2013 6:22 PM
To: sssd-devel@lists.fedorahosted.org
Subject: Re: [SSSD] problem with AD nested group expansion, maybe
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
Tell you what: You get RHEL to include it and I'll push SUSE about SLES. I
mean 6.5 just came out and they did not
On Wed, Dec 04, 2013 at 09:24:58AM +, greg.lehm...@csiro.au wrote:
Tell you what: You get RHEL to include it and I'll push SUSE about SLES. I
mean 6.5 just came out and they did not increase the version by even a minor
step over 6.4!
Version numbers mean nothing in the enterprise world. To
@lists.fedorahosted.org
Subject: Re: [SSSD] problem with AD nested group expansion, maybe?
On Wed, 2013-12-04 at 00:55 +, greg.lehm...@csiro.au wrote:
It was defined in the first message. Same machine. All I am doing is
stopping sssd clearing cache dbs, restarting and doing some getents
On (04/12/13 16:42), steve wrote:
On Wed, 2013-12-04 at 15:13 +0100, Jakub Hrozek wrote:
On Wed, Dec 04, 2013 at 09:24:58AM +, greg.lehm...@csiro.au wrote:
Tell you what: You get RHEL to include it and I'll push SUSE about SLES. I
mean 6.5 just came out and they did not increase the
-Original Message-
From: sssd-devel-boun...@lists.fedorahosted.org [mailto:sssd-devel-
boun...@lists.fedorahosted.org] On Behalf Of Jakub Hrozek
Sent: Thursday, 5 December 2013 12:14 AM
To: sssd-devel@lists.fedorahosted.org
Subject: Re: [SSSD] problem with AD nested group expansion
-Original Message-
From: sssd-devel-boun...@lists.fedorahosted.org [mailto:sssd-devel-
boun...@lists.fedorahosted.org] On Behalf Of steve
Sent: Thursday, 5 December 2013 1:43 AM
To: sssd-devel@lists.fedorahosted.org
Subject: Re: [SSSD] problem with AD nested group expansion, maybe
Subject: Re: [SSSD] problem with AD nested group expansion, maybe?
On Wed, 2013-12-04 at 15:13 +0100, Jakub Hrozek wrote:
On Wed, Dec 04, 2013 at 09:24:58AM +, greg.lehm...@csiro.au
wrote:
Tell you what: You get RHEL to include it and I'll push SUSE about
SLES. I
mean 6.5
To: sssd-devel@lists.fedorahosted.org
Subject: Re: [SSSD] problem with AD nested group expansion, maybe?
On Wed, 2013-12-04 at 15:13 +0100, Jakub Hrozek wrote:
On Wed, Dec 04, 2013 at 09:24:58AM +, greg.lehm...@csiro.au
wrote:
Tell you what: You get RHEL to include it and I'll push SUSE about
: Re: [SSSD] problem with AD nested group expansion, maybe?
Tell you what: You get RHEL to include it and I'll push SUSE about
SLES. I mean 6.5 just came out and they did not increase the version by
even a minor step over 6.4! There may be more chance of a change with
SLES 12 although
-Original Message-
From: sssd-devel-boun...@lists.fedorahosted.org [mailto:sssd-devel-
boun...@lists.fedorahosted.org] On Behalf Of Jakub Hrozek
Sent: Thursday, 5 December 2013 12:14 AM
To: sssd-devel@lists.fedorahosted.org
Subject: Re: [SSSD] problem with AD nested group expansion
On Tue, Dec 03, 2013 at 07:19:50AM +, greg.lehm...@csiro.au wrote:
I've noticed under 1.9.4 that starting with an empty cache, doing a getent
group does not return all members of the group, sometimes.
The actual group in AD contains some users and some subgroups of users. Not
nested
[mailto:sssd-devel-
boun...@lists.fedorahosted.org] On Behalf Of Jakub Hrozek
Sent: Tuesday, 3 December 2013 7:24 PM
To: sssd-devel@lists.fedorahosted.org
Subject: Re: [SSSD] problem with AD nested group expansion, maybe?
On Tue, Dec 03, 2013 at 07:19:50AM +, greg.lehm...@csiro.au wrote
] On Behalf Of Dmitri Pal
Sent: Wednesday, 4 December 2013 10:04 AM
To: sssd-devel@lists.fedorahosted.org
Subject: Re: [SSSD] problem with AD nested group expansion, maybe?
On 12/03/2013 06:38 PM, greg.lehm...@csiro.au wrote:
I'm using the standard SLES OS 1.9.4 packages. I may get time
I've noticed under 1.9.4 that starting with an empty cache, doing a getent
group does not return all members of the group, sometimes.
The actual group in AD contains some users and some subgroups of users. Not
nested deeply, but multiple subgroups...
If I do a
getent group group1
when the
On 07/04/2012 06:01 PM, Stef Walter wrote:
1) Rewrite the way we kinit with a keytab. Use krb5_init_creds_init()
+ krb5_init_creds_set_keytab() + krb5_init_creds_get() instead of
just krb5_get_init_creds_keytab().
Hmmm, this doesn't seem to be an option. We don't have access to the
On Thu, 2012-07-05 at 10:47 +0200, Stef Walter wrote:
On 07/04/2012 06:01 PM, Stef Walter wrote:
1) Rewrite the way we kinit with a keytab. Use krb5_init_creds_init()
+ krb5_init_creds_set_keytab() + krb5_init_creds_get() instead of
just krb5_get_init_creds_keytab().
Hmmm, this
As you may have seen on the krb5 mailing list [1], there was a problem
with my patch [2] to limit the enctypes requested to those in the keytab.
This patch to krb5 was to help sssd work with keytabs generated by samba
(which has no AES support) when used with AD running on Windows 2008 or
later
On Sat, 2012-03-24 at 16:35 +0100, Marco Pizzoli wrote:
Hi guys,
I would like to report this packaging(?) problem.
As you can see in the following output, there's not a dependency
between the rpm libsss_autofs and sssd.
You're right. Looks like we're (incorrectly) including libsss_autofs.so
On Mon, 2012-03-26 at 08:02 -0400, Stephen Gallagher wrote:
On Sat, 2012-03-24 at 16:35 +0100, Marco Pizzoli wrote:
Hi guys,
I would like to report this packaging(?) problem.
As you can see in the following output, there's not a dependency
between the rpm libsss_autofs and sssd.
Hi guys,
Again I need your help... I'm using and I configured a domain/my_ldap.
During the startup I see these logs:
[cut]
(Tue Feb 7 13:44:04 2012) [sssd[be[my_ldap]]] [sdap_id_op_connect_step]
(0x4000): beginning to connect
(Tue Feb 7 13:44:04 2012) [sssd[be[my_ldap]]]
On Tue, Feb 7, 2012 at 2:10 PM, Stephen Gallagher sgall...@redhat.comwrote:
On Tue, 2012-02-07 at 14:04 +0100, Marco Pizzoli wrote:
Hi guys,
Again I need your help... I'm using and I configured a
domain/my_ldap. During the startup I see these logs:
[cut]
(Tue Feb 7 13:44:04
On Tue, Feb 7, 2012 at 2:10 PM, Stephen Gallagher
sgall...@redhat.comwrote:
On Tue, 2012-02-07 at 14:04 +0100, Marco Pizzoli wrote:
Hi guys,
Again I need your help... I'm using and I configured a
domain/my_ldap. During the startup I see these logs:
[cut]
(Tue Feb 7
On Tue, 2012-02-07 at 14:32 +0100, Jan Zelený wrote:
On Tue, Feb 7, 2012 at 2:10 PM, Stephen Gallagher
sgall...@redhat.comwrote:
On Tue, 2012-02-07 at 14:04 +0100, Marco Pizzoli wrote:
Hi guys,
Again I need your help... I'm using and I configured a
domain/my_ldap. During the
On Tue, 2012-02-07 at 16:12 +0100, Marco Pizzoli wrote:
On Tue, Feb 7, 2012 at 2:41 PM, Stephen Gallagher
sgall...@redhat.com wrote:
On Tue, 2012-02-07 at 14:32 +0100, Jan Zelený wrote:
On Tue, Feb 7, 2012 at 2:10 PM, Stephen Gallagher
sgall...@redhat.comwrote:
On Tue, 2012-02-07 at 17:28 +0100, Marco Pizzoli wrote:
According to that, your LDAP server doesn't support any
authentication
except GSSAPI (probably Kerberos). Obviously ldapsearch still
works, so
it looks to me like the LDAP
On Tue, Feb 7, 2012 at 5:38 PM, Stephen Gallagher sgall...@redhat.comwrote:
On Tue, 2012-02-07 at 17:28 +0100, Marco Pizzoli wrote:
According to that, your LDAP server doesn't support any
authentication
except GSSAPI (probably Kerberos). Obviously ldapsearch
On Tue, 2012-02-07 at 18:06 +0100, Marco Pizzoli wrote:
On Tue, Feb 7, 2012 at 5:38 PM, Stephen Gallagher
sgall...@redhat.com wrote:
On Tue, 2012-02-07 at 17:28 +0100, Marco Pizzoli wrote:
According to that, your LDAP server doesn't support
Hi - We're using SSSD with LDAPS and TLS on redhat, and it's working
fine. I just tried to make it work for unbuntu, but I can't get TLS to
work. I get the following errors:
(Mon Jan 30 14:36:09 2012) [sssd[be[PSFC]]]
[sss_ldap_init_sys_connect_done] (1): ldap_install_tls failed: Connect
Hi - We're using SSSD with LDAPS and TLS on redhat, and it's working
fine. I just tried to make it work for unbuntu, but I can't get TLS to
work. I get the following errors:
(Mon Jan 30 14:36:09 2012) [sssd[be[PSFC]]]
[sss_ldap_init_sys_connect_done] (1): ldap_install_tls failed: Connect
On 01/30/2012 05:06 PM, Mark London wrote:
Hi - We're using SSSD with LDAPS and TLS on redhat, and it's working
fine. I just tried to make it work for unbuntu, but I can't get TLS
to work. I get the following errors:
(Mon Jan 30 14:36:09 2012) [sssd[be[PSFC]]]
Stephen,
I've tried to rearrange the system-auth. However, when offline, I still
cannot login with KDE.
the system-auth looks like this:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
authrequired pam_env.so
auth
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/28/2011 08:17 AM, Andy Kannberg wrote:
Stephen,
I've tried to rearrange the system-auth. However, when offline, I still
cannot login with KDE.
the system-auth looks like this:
#%PAM-1.0
# This file is auto-generated.
# User changes
Hi,
I've got the SSSD packages from RHEL 5.6 installed on a RHEL 5.4 system.
SSSD works fine on the command line and when logging in via KDE. Also
logging on with cached credentials (when network is off) works like a charm,
on the command line.
When I want to login with cached credentials via
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/27/2011 10:06 AM, Andy Kannberg wrote:
Hi,
I've got the SSSD packages from RHEL 5.6 installed on a RHEL 5.4 system.
SSSD works fine on the command line and when logging in via KDE. Also
logging on with cached credentials (when network is
On Fri, Oct 30, 2009 at 01:54:19PM -0700, Jeff Schroeder wrote:
I've built this package for Fedora 10 and am testing it out.
http://kojipkgs.fedoraproject.org/packages/sssd/0.7.1/1.fc12/src/sssd-0.7.1-1.fc12.src.rpm
In /var/log/sssd/sssd.log:
[sssd[be[LDAP]]] [load_backend_module] (0):
39 matches
Mail list logo