I've been running some benchmarks, timing how long it takes nss_ldap
and sssd-ldap configurations to map uid to user names, trying to get an
sssd.conf configuration that performs more or less to the existing
nss_ldap configuration in terms of system responsive and network
utilization. For better
Yup, “files” was first in nsswitch.conf. But now I can’t reproduce it because after removing the user1 user from FreeIPA and adding it back, it’s working as expected. :-/. -KevinOn Nov 30, 2022, at 11:11 AM, Alexey Tikhonov wrote:You need to have 'files' first in all nsswitch.conf databases.If
You need to have 'files' first in all nsswitch.conf databases.
If 'sudo' doesn't respect this then this is a bug in 'sudo.
On Wed, Nov 30, 2022 at 5:59 PM Kevin Vasko wrote:
> So for example.
>
> machine1 enrolled in FreeIPA also has userid:
> user1 - locally (e.g. useradd)
> user1 on machine1
Hi,
On Tue, Nov 29, 2022 at 8:54 PM Jim Burwell wrote:
> On 11/29/22 01:00, Alexey Tikhonov wrote:
>
> Hi,
>
>
> On Tue, Nov 29, 2022 at 2:54 AM Jim Burwell wrote:
>
>> Hi,
>>
>> On a CentOS 7 system bound to an AD domain,
>
>
> Single AD domain or multiple/trusted?
>
> Single domain
>
Do
So for example.
machine1 enrolled in FreeIPA also has userid:
user1 - locally (e.g. useradd)
user1 on machine1 has a defined sudoers of NOPASSWD
FreeIPA also has user1 defined in it.
machine2 enrolled in FreeIPA:
does not have any local accounts.
if user1 logs in, machine2 uses sssd to allow
On 11/29/22 15:43, Kevin Vasko wrote:
passwd: compat systemd sss
group: compat systemd sss
I changed it to be
passwd: files compat systemd sss
group: files compat systemd sss
and still had the same problem.
id_provider=ipa
Yes Ubuntu.
sssd 2.2.3-3ubuntu0.9
This same named user that was
Hi,
> sssd is falling back to sssd even though we have the “files” entry first
That's not 'sssd' but 'sudo'.
What is the output of:
(1) `ps aux | grep sss`
(2) `getent passwd $user`
?
On Tue, Nov 29, 2022 at 8:44 PM Kevin Vasko wrote:
> passwd: compat systemd sss
> group: compat systemd sss