Am Wed, Feb 09, 2022 at 07:21:33AM -0000 schrieb Sascha Hartl via FreeIPA-users: > Hello > > I'm looking for a solution to use IPA and AD Users via IPA-provider for xorg > Sessions on OL8. > I've found some methods with "access_provider = ad" or "access_provider = > simple" but i use "access_provider = ipa" in the sssd.conf to enforce rules. > > The login an sudo-rulset works fine, i added the service xrdp to the rules on > the server.
Hi, it look like the PAM service name is 'xrdp-sesman', did you use this name when defining the rules? bye, Sumit > > sssd.conf > > [domain/mydomain.com] > id_provider = ipa > dns_discovery_domain = mydomain.com > ipa_server = server.mydomain.com > ipa_domain = mydomain.com > ipa_hostname = host.mydomain.com > auth_provider = ipa > chpass_provider = ipa > access_provider = ipa > cache_credentials = True > ldap_tls_cacert = /etc/ipa/ca.crt > krb5_store_password_if_offline = True > ldap_sudo_smart_refresh_interval = 900 > ldap_sudo_full_refresh_interval = 300 > > [sssd] > services = nss, pam, ssh, sudo > > domains = mydomain.com > [nss] > homedir_substring = /home > > [pam] > > [sudo] > > [autofs] > > [ssh] > > [pac] > > [ifp] > > [secrets] > > but i don't know if i have to set some informations in the xrdp.ini > > [Xorg] > name=Xorg > lib=libxup.so > username=ask > password=ask > ip=127.0.0.1 > port=-1 > code=20 > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
