[SSSD-users] Re: sssd with OTP does not work in all cases.

2017-11-02 Thread Asif Iqbal
On Thu, Nov 2, 2017 at 9:14 PM, Mario Rossi wrote: > There are a couple of things to check, older versions of sssd package sudo > in a separate rpm and not all versions of sudo integrate with sssd, upgrade > to the latest sudo package that your distro supports, just in case.

[SSSD-users] Re: sssd with OTP does not work in all cases.

2017-11-02 Thread Mario Rossi
There are a couple of things to check, older versions of sssd package sudo in a separate rpm and not all versions of sudo integrate with sssd, upgrade to the latest sudo package that your distro supports, just in case. If sssd.conf has the proper references to sudo e.g. services = nss, pam,

[SSSD-users] Re: Weird SSSD shutdown

2017-11-02 Thread Lachlan Musicman
On 3 November 2017 at 09:02, Lukas Slebodnik wrote: > On (03/11/17 08:53), Lachlan Musicman wrote: > >On 3 November 2017 at 08:19, Lukas Slebodnik wrote: > > > >> On (02/11/17 08:20), Lachlan Musicman wrote: > >> >Last night sssd shutdown on one of my

[SSSD-users] Re: Weird SSSD shutdown

2017-11-02 Thread Lukas Slebodnik
On (03/11/17 08:53), Lachlan Musicman wrote: >On 3 November 2017 at 08:19, Lukas Slebodnik wrote: > >> On (02/11/17 08:20), Lachlan Musicman wrote: >> >Last night sssd shutdown on one of my servers. >> > >> >I had updated the IPA server earlier in the day - but only patches

[SSSD-users] Re: Weird SSSD shutdown

2017-11-02 Thread Lachlan Musicman
On 3 November 2017 at 08:19, Lukas Slebodnik wrote: > On (02/11/17 08:20), Lachlan Musicman wrote: > >Last night sssd shutdown on one of my servers. > > > >I had updated the IPA server earlier in the day - but only patches to > >4.5.0, nothing major. > > > >The error I saw

[SSSD-users] Re: Weird SSSD shutdown

2017-11-02 Thread Lukas Slebodnik
On (02/11/17 08:20), Lachlan Musicman wrote: >Last night sssd shutdown on one of my servers. > >I had updated the IPA server earlier in the day - but only patches to >4.5.0, nothing major. > >The error I saw this AM was: > > >(Wed Nov 1 17:08:22 2017) [sssd[be[unix.domain.com]]]

[SSSD-users] Re: sssd with OTP does not work in all cases.

2017-11-02 Thread Asif Iqbal
On Fri, Oct 27, 2017 at 10:53 AM, Mario Rossi wrote: > What OS are you using ? I am using Centos 6 with RSA ( fixed password + > PIN ) + sssd/ldap auth , so yes, that does give you BOTH prompts, one for > RSA and one for LDAP. If you need to ONLY use RSA w account lookup

[SSSD-users] Re: Change LDAP-Filter for SSSD

2017-11-02 Thread Stefan Kania
On 02.11.2017 at 17:00, Mario Rossi wrote: > If using own objectclass, I would think you will use custom attributes ? > > ldap_group_member = *hMemberDN* > ldap_user_member_of = *description* This is what I did now. Let's put everything together what I did: 1. I created my own ObjectClasses

[SSSD-users] Re: Change LDAP-Filter for SSSD

2017-11-02 Thread Sumit Bose
On Thu, Nov 02, 2017 at 04:20:13PM +0100, Stefan Kania wrote: > Hello Sumit, > >> filter="(&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*))" > >> --- > >> Is it possible to change the Filter: > >> (&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*)) > > > >

[SSSD-users] How to match multiple access filter for a uid

2017-11-02 Thread Asif Iqbal
Hi I like to authenticate user based on uid if meets the following two requirements ldap_search_base = ou=People,dc=mnet,dc=qintra,dc=com ldap_access_order = filter ldap_access_filter = objectClass=mnetPerson and ldap_search_base = ou=ACL Groups,ou=Groups,dc=mnet,dc=qintra,dc=com

[SSSD-users] Re: Change LDAP-Filter for SSSD

2017-11-02 Thread Mario Rossi
If using own objectclass, I would think you will use custom attributes ? ldap_group_member = *hMemberDN* ldap_user_member_of = *description* Thanks On 11/02/2017 08:15 AM, Stefan Kania wrote: Hello, I would like to change the search-filter for sssd because I created my own Group-Objectclass,

[SSSD-users] Re: Change LDAP-Filter for SSSD

2017-11-02 Thread Stefan Kania
Hello Sumit, >> filter="(&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*))" >> --- >> Is it possible to change the Filter: >> (&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*)) > > Does the ldap_group_object_class option help? See man sssd-ldap for >

[SSSD-users] Re: keytab retrieval for user into several servers

2017-11-02 Thread Sumit Bose
On Thu, Nov 02, 2017 at 01:26:43PM +, Hampus Lundqvist wrote: > Hi > I'm looking for a solution where I can retrieve one user's keytab to > several ipa-clients. > Tried with ipa-getkeytab first, but previous keytab seems to become invalid. > (running ipa-client 3.x from RHEL6 and

[SSSD-users] keytab retrieval for user into several servers

2017-11-02 Thread Hampus Lundqvist
Hi I'm looking for a solution where I can retrieve one user's keytab to several ipa-clients. Tried with ipa-getkeytab first, but previous keytab seems to become invalid. (running ipa-client 3.x from RHEL6 and ipa-server 4.5 (rhel7)). Does anyone have a suggestion on how we accomplish this,

[SSSD-users] Change LDAP-Filter for SSSD

2017-11-02 Thread Stefan Kania
Hello, I would like to change the search-filter for sssd because I created my own Group-Objectclass, but if I do a "getent group" I will not see my own group. My sssd.conf looks like this: -- [sssd] config_file_version = 2 services = nss, pam domains = LDAP [domain/LDAP]

[SSSD-users] Re: Weird SSSD shutdown

2017-11-02 Thread Sumit Bose
On Thu, Nov 02, 2017 at 08:20:49AM +1100, Lachlan Musicman wrote: > Last night sssd shutdown on one of my servers. > > I had updated the IPA server earlier in the day - but only patches to > 4.5.0, nothing major. > > The error I saw this AM was: > > > (Wed Nov 1 17:08:22 2017)