[SSSD-users] Re: sudo does not work with SSSD

2017-10-16 Thread Michael Ströder
Asif Iqbal wrote: > Can I user sssd instead of nss-pam-ldapd for sudo authentication > only and use local sudoers file for rules? Yes. Ciao, Michael. smime.p7s Description: S/MIME Cryptographic Signature ___ sssd-users mailing list --

[SSSD-users] Re: sudo does not work with SSSD

2017-10-16 Thread Asif Iqbal
On Mon, Oct 16, 2017 at 5:37 PM, Lukas Slebodnik wrote: > On (16/10/17 15:16), Asif Iqbal wrote: > >On Mon, Oct 16, 2017 at 1:17 PM, Asif Iqbal wrote: > > > >> > >> On Fri, Oct 13, 2017 at 6:26 PM, Daniel Corrigan < > dancorrig...@gmail.com> > >> wrote: >

[SSSD-users] Re: sudo does not work with SSSD

2017-10-16 Thread Lukas Slebodnik
On (16/10/17 15:16), Asif Iqbal wrote: >On Mon, Oct 16, 2017 at 1:17 PM, Asif Iqbal wrote: > >> >> On Fri, Oct 13, 2017 at 6:26 PM, Daniel Corrigan >> wrote: >> >>> I'm wondering if you have even extended your LDAP schema for sudo. Sudo >>> rules must

[SSSD-users] Re: sudo does not work with SSSD

2017-10-16 Thread Asif Iqbal
On Mon, Oct 16, 2017 at 1:17 PM, Asif Iqbal wrote: > > On Fri, Oct 13, 2017 at 6:26 PM, Daniel Corrigan > wrote: > >> I'm wondering if you have even extended your LDAP schema for sudo. Sudo >> rules must follow a proper schema in order to be valid. >> >

[SSSD-users] Re: sudo does not work with SSSD

2017-10-16 Thread Asif Iqbal
On Fri, Oct 13, 2017 at 6:26 PM, Daniel Corrigan wrote: > I'm wondering if you have even extended your LDAP schema for sudo. Sudo > rules must follow a proper schema in order to be valid. > I suppose I will just use local/proxy->local with sudo since IT wont add a sudo

[SSSD-users] Re: Does anyone use id_provider=local ?

2017-10-16 Thread Mario Rossi
In our environment, regular users authenticate via sssd/ldap, and emergency user(s) via PAM if/when sssd + RSA securid fails. Still running sssd 1.14.2 on el6. Thanks On 10/16/2017 11:04 AM, hedr...@rutgers.edu wrote: On certain servers I want IPA authentication but the local user/group

[SSSD-users] Re: Does anyone use id_provider=local ?

2017-10-16 Thread hedrick
On certain servers I want IPA authentication but the local user/group database. With sssd 1.14, I could specify pam as the only service and put files in /etc/nsswitch.conf. With sssd 1.15, I get extra groups with that setting. I had to set id_provider=none, which is undocumented. I'd be happy

[SSSD-users] Re: SSSD reports errors with GPO formatted using SDDL

2017-10-16 Thread Michal Židek
On 10/14/2017 11:05 AM, Lukas Slebodnik wrote: On (14/10/17 01:42), Daniel Bryan wrote: Hello, I noticed some of our users having linux authentication issues recently. Upon further digging it happened when a GPO was applied to the same OU these linux servers belonged to. The debug logs said