Re: [Freeipa-users] AD users not visible in FreeIPA mapped group

2015-07-15 Thread Jakub Hrozek
On Wed, Jul 15, 2015 at 01:09:42PM -0700, Angelo Pantano wrote:
> SSSD is able to evaluate group membership, but if for instance I create a
> view for my user and I add a ssh public key I can only use it to login
> passwordless in the IPA server, not on an IPA client. The password still
> works, bu

Re: [Freeipa-users] AD users not visible in FreeIPA mapped group

2015-07-15 Thread Angelo Pantano
SSSD is able to evaluate group membership, but if for instance I create a view for my user and I add a ssh public key I can only use it to login passwordless in the IPA server, not on an IPA client. The password still works, but I see nothing in the sssd logs that explains why the pubkey was reject

Re: [Freeipa-users] AD users not visible in FreeIPA mapped group

2015-07-14 Thread Angelo Pantano
I have the same entry there, my question is that I don't understand why it doesn't give me any visibility of the AD users mapped in that group, I mean I just see that entry, but what's that supposed to do? It doesn't really change anything with or without, I am missing the supposed value of havi

Re: [Freeipa-users] AD users not visible in FreeIPA mapped group

2015-07-14 Thread Jan Pazdziora
On Tue, Jul 14, 2015 at 11:06:20AM +0300, Alexander Bokovoy wrote:
> On Tue, 14 Jul 2015, Jan Pazdziora wrote:
> >
> >Would it make sense to have a way of running the SSSD evaluation from
> >the WebUI and showing the results there? Clearly distinguished from
> >the LDAP data, yet exposed in the Web

Re: [Freeipa-users] AD users not visible in FreeIPA mapped group

2015-07-14 Thread Alexander Bokovoy
On Tue, 14 Jul 2015, Jan Pazdziora wrote:
On Tue, Jul 14, 2015 at 09:46:00AM +0300, Alexander Bokovoy wrote:
adm...@adx.test),1878600513(domain us...@adx.test),163447(ad_admins)
You wouldn't see this in the web UI because web UI is showing what is in the LDAP, not what is visible in the sys

Re: [Freeipa-users] AD users not visible in FreeIPA mapped group

2015-07-14 Thread Jan Pazdziora
On Tue, Jul 14, 2015 at 09:46:00AM +0300, Alexander Bokovoy wrote:
> adm...@adx.test),1878600513(domain us...@adx.test),163447(ad_admins)
>
> You wouldn't see this in the web UI because web UI is showing what is in
> the LDAP, not what is visible in the system when SSSD evaluates the
> group m

Re: [Freeipa-users] AD users not visible in FreeIPA mapped group

2015-07-13 Thread Alexander Bokovoy
On Mon, 13 Jul 2015, Angelo Pantano wrote:
I have the same entry there, my question is that I don't understand why it doesn't give me any visibility of the AD users mapped in that group, I mean I just see that entry, but what's that supposed to do? It doesn't really change anything with or wit

Re: [Freeipa-users] AD users not visible in FreeIPA mapped group

2015-07-13 Thread Alexander Bokovoy
On Mon, 13 Jul 2015, Angelo Pantano wrote:
I added the external groups to map my Domain Admins AD group like the freeipa documentation suggests:
# ipa group-add --desc='ad_domain admins external map' ad_admins_external --external
# ipa group-add --desc='ad_domain admins' ad_admins
# ipa group-ad

[Freeipa-users] AD users not visible in FreeIPA mapped group

2015-07-13 Thread Angelo Pantano
I added the external groups to map my Domain Admins AD group like the freeipa documentation suggests:
# ipa group-add --desc='ad_domain admins external map' ad_admins_external --external
# ipa group-add --desc='ad_domain admins' ad_admins
# ipa group-add-member ad_admins_external --external 'ad_ne