[SSSD-users] Re: enumerate in sssd.conf

2019-06-05 Thread Dmitri Pal
Hello, Enumeration puts a lot of load on your directory. And with a big directory it can take several minutes pegging CPU and slowing down the performance of the client. Yes it is by design. SSSD will fetch and cache things on as needed basis. There are other means and tools that come with sssd th

[SSSD-users] Re: gdm login with smartcard set wrong username environment variables on RHEL8.0

2019-06-05 Thread Winberg Adam
Any workaround to just set the short name? Not sure what problems using fully qualified usernames might cause but one seems to be that gdm/accountservice does not accept that name format and therefore does not create a file for the user in /var/lib/AccountsService/users/. On 5 Jun 2019 16:32, S

[SSSD-users] Re: gdm login with smartcard set wrong username environment variables on RHEL8.0

2019-06-05 Thread Sumit Bose
On Wed, Jun 05, 2019 at 02:01:23PM +, Winberg Adam wrote: > This is on RHEL8.0. > > Logging into gnome with smartcard results in username environment variables > containing domain: > > $ env > > USER=a001...@ad.example.com > USERNAME=a001...@ad.example.com > LOGNAME=a001...@ad.example.c

[SSSD-users] gdm login with smartcard set wrong username environment variables on RHEL8.0

2019-06-05 Thread Winberg Adam
This is on RHEL8.0. Logging into gnome with smartcard results in username environment variables containing domain: $ env USER=a001...@ad.example.com USERNAME=a001...@ad.example.com LOGNAME=a001...@ad.example.com ... GDM debug log shows: Jun 05 14:06:27 c21637.ad.example.com gdm-smartcard]

[SSSD-users] Re: Identity information not cached for login?

2019-06-05 Thread Manuel Melo
And it's done! All I had to do was to fix my common-account to bypass pam_unix if pam_sss was successful. In my case pam_sss was already in there, only further down the stack. Just had to move it up and adapt the return behavior. This is my final common-account: # moved to here account [success

[SSSD-users] Re: [alexander.fier...@mpi-dortmund.mpg.de: enumerate in sssd.conf]

2019-06-05 Thread Joakim Tjernlund
I have noted that enumerate loses group members(getent group) somewhat randomly(each sssd restart has a different set of lost members) This happens in both 1.16.4 and 2.1.0 Fairly large group db, about 1550 groups On Wed, 2019-06-05 at 10:14 +0200, Jakub Hrozek wrote: Hi, I've set "enumerate =

[SSSD-users] Re: [alexander.fier...@mpi-dortmund.mpg.de: enumerate in sssd.conf]

2019-06-05 Thread Jakub Hrozek
On Wed, Jun 05, 2019 at 10:14:46AM +0200, Jakub Hrozek wrote: > Date: Wed, 5 Jun 2019 10:04:56 +0200 > From: Alexander Fieroch > To: sssd-users-ow...@lists.fedorahosted.org > Subject: enumerate in sssd.conf > User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 > Thunderbird/60.7.

[SSSD-users] [alexander.fier...@mpi-dortmund.mpg.de: enumerate in sssd.conf]

2019-06-05 Thread Jakub Hrozek
--- Begin Message --- Hi, I've set "enumerate = true" in sssd.conf which is working good for me and our AD clients. Now I recognized that RedHat does not recommend "enumerate = true" in sssd.conf: When I disable enumarate in sssd, "getent passwd"