On Thu, Nov 2, 2017 at 9:14 PM, Mario Rossi wrote:
> There are a couple of things to check, older versions of sssd package sudo
> in a separate rpm and not all versions of sudo integrate with sssd, upgrade
> to the latest sudo package that your distro supports, just in case.
>
> If sssd.conf has
There are a couple of things to check, older versions of sssd package
sudo in a separate rpm and not all versions of sudo integrate with sssd,
upgrade to the latest sudo package that your distro supports, just in case.
If sssd.conf has the proper refereces to sudo e.g.
services = nss, pam, sud
On 3 November 2017 at 09:02, Lukas Slebodnik wrote:
> On (03/11/17 08:53), Lachlan Musicman wrote:
> >On 3 November 2017 at 08:19, Lukas Slebodnik wrote:
> >
> >> On (02/11/17 08:20), Lachlan Musicman wrote:
> >> >Last night sssd shutdown on one of my servers.
> >> >
> >> >I had updated the IPA
On 2 November 2017 at 19:44, Sumit Bose wrote:
> On Thu, Nov 02, 2017 at 08:20:49AM +1100, Lachlan Musicman wrote:
> > Last night sssd shutdown on one of my servers.
> >
> > I had updated the IPA server earlier in the day - but only patches to
> > 4.5.0, nothing major.
> >
> > The error I saw thi
On (03/11/17 08:53), Lachlan Musicman wrote:
>On 3 November 2017 at 08:19, Lukas Slebodnik wrote:
>
>> On (02/11/17 08:20), Lachlan Musicman wrote:
>> >Last night sssd shutdown on one of my servers.
>> >
>> >I had updated the IPA server earlier in the day - but only patches to
>> >4.5.0, nothing m
On 3 November 2017 at 08:19, Lukas Slebodnik wrote:
> On (02/11/17 08:20), Lachlan Musicman wrote:
> >Last night sssd shutdown on one of my servers.
> >
> >I had updated the IPA server earlier in the day - but only patches to
> >4.5.0, nothing major.
> >
> >The error I saw this AM was:
> >
> >
>
On (02/11/17 08:20), Lachlan Musicman wrote:
>Last night sssd shutdown on one of my servers.
>
>I had updated the IPA server earlier in the day - but only patches to
>4.5.0, nothing major.
>
>The error I saw this AM was:
>
>
>(Wed Nov 1 17:08:22 2017) [sssd[be[unix.domain.com]]] [orderly_shutdown]
On Fri, Oct 27, 2017 at 10:53 AM, Mario Rossi wrote:
> What OS are you using ? I am using Centos 6 with RSA ( fixed password +
> PIN ) + sssd/ldap auth , so yes, that does give you BOTH prompts, one for
> RSA and one for LDAP. If you need to ONLY use RSA w account lookup from
> sssd/ldap, then y
Am 02.11.2017 um 17:00 schrieb Mario Rossi:
> If using own objectclass, I would think you will use custom attributes ?
>
> ldap_group_member = *hMemberDN*
> ldap_user_member_of = *description*
This is what I did now. Let's put everything together what I did:
1. I created my own ObjectClasses
---
On Thu, Nov 02, 2017 at 04:20:13PM +0100, Stefan Kania wrote:
> Hello Sumit,
> >> filter="(&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*))"
> >> ---
> >> Is it possible to change the Filter:
> >> (&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*))
> >
> > D
Hi
I like to authenticate user based on uid if meets the following two
requirements
ldap_search_base = ou=People,dc=mnet,dc=qintra,dc=com
ldap_access_order = filter
ldap_access_filter = objectClass=mnetPerson
and
ldap_search_base = ou=ACL Groups,ou=Groups,dc=mnet,dc=qintra,dc=com
ldap_access_fi
If using own objectclass, I would think you will use custom attributes ?
ldap_group_member = *hMemberDN*
ldap_user_member_of = *description*
Thanks
On 11/02/2017 08:15 AM, Stefan Kania wrote:
Hello,
I would like to change the search-filter for sssd because I created my
own Group-Objectclass,
Hello Sumit,
>> filter="(&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*))"
>> ---
>> Is it possible to change the Filter:
>> (&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*))
>
> Does the ldap_group_object_class option help? See man sssd-ldap for
> details
On Thu, Nov 02, 2017 at 01:26:43PM +, Hampus Lundqvist wrote:
> Hi
> I'm looking for a solution where I can get retrieve one users keytab to
> several ipa-clients.
> Tried with ipa-getkeytab first, but previous keytab seems to become invalid.
> (running ipa-client 3.x from RHEL6 and ipa-serve
On Thu, Nov 02, 2017 at 01:15:05PM +0100, Stefan Kania wrote:
> Hello,
>
> I would like to change the search-filter for sssd because I created my
> own Group-Objectclass, but if I do a "getent group" I will not see my
> own group.
> My sssd.conf looks like this:
> --
> [sssd]
> con
Hi
I'm looking for a solution where I can get retrieve one users keytab to several
ipa-clients.
Tried with ipa-getkeytab first, but previous keytab seems to become invalid.
(running ipa-client 3.x from RHEL6 and ipa-server 4.5 (rhel7)).
Does anyone have a suggestion on how we accomplish this, wi
Hello,
I would like to change the search-filter for sssd because I created my
own Group-Objectclass, but if I do a "getent group" I will not see my
own group.
My sssd.conf looks like this:
--
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
[domain/LDAP]
ldap_sche
On Thu, Nov 02, 2017 at 08:20:49AM +1100, Lachlan Musicman wrote:
> Last night sssd shutdown on one of my servers.
>
> I had updated the IPA server earlier in the day - but only patches to
> 4.5.0, nothing major.
>
> The error I saw this AM was:
>
>
> (Wed Nov 1 17:08:22 2017) [sssd[be[unix.do
18 matches
Mail list logo