Hi Lukas,
We don't have freeipa. Is it possible to do host based access control using
just ldap and sssd?
On May 27, 2017 1:23 AM, "Lukas Slebodnik" <lsleb...@redhat.com> wrote:
> On (26/05/17 14:34), Ali, Saqib wrote:
> >there has to be better way than that :)
> &
for allowed_users and allowed_groups.
> I am not sure of an easier way to do this.
>
> On 05/26/2017 03:05 PM, Ali, Saqib wrote:
>
> The reason we want to get a list of "allowed" users is for Auditing. We
> have system that goes out and checks allowed users on a system a
. I proposed an RFE to make this
> easier in SSSD, but it is not something that has much focus at this point.
>
> On 05/26/2017 02:47 PM, Ali, Saqib wrote:
>
> We are using SSSD for authentication using LDAP. And I filter the user
> access using *simple_allow_groups* as follows:
>
We are using SSSD for authentication using LDAP. And I filter the user
access using *simple_allow_groups* as follows:
access_provider = simple
simple_allow_groups = Computer Admins
Is it possible to get a list of ONLY allowed users using *getent*?
There is an option enumeration, but this lists
Hello,
We would like to setup SSSD to use AD for User Authentication and
Kerberos for our Linux environment. The User Principal Names (UPN) in
our Active Directory exceed 32 characters occasionally. Will that
cause any issues? On the surface it doesn't look like SSSD will have
any issues. I am
Hello all,
The kerberos provider (Active Directory) in our environments uses all
numeric username. If we configure SSSD to use Active Directory for the
Auth Provider, then we will end up with the All-number Usernames on
Linux.
What are our options?
Note: We are using the Oracle Directory Server
Hello,
How do I configure SSSD to send sssd.log logs to syslog? I would like
to include the DEBUB SSSD logs as well. We would like to feed the sssd
logs to Splunk. Our systems are already configured to send syslog to
Splunk Security Module. So we would like to use that setup, instead of
the
;>
>>Just recreate the folder /var/lib/sss/db and restart sssd and it should be
>>fine.
>>
> More folders need to be created and they need to have right owner
> asn permission.
>
>>Best Regards,
>>Matthieu ROLLA
>>
>>On Sat, Dec 3, 2016 at 1:05 AM,
I deleted /var/lib/sss/ by mistake. Now when I try to start SSSD, I
get the following errors:
(Wed Nov 23 11:40:36:059914 2016) [sssd] [check_file] (0x0400):
lstat for [/var/run/nscd/socket] failed: [2][No such file or
directory].
(Wed Nov 23 11:40:36:061661 2016) [sssd] [ldb] (0x0400):
Thanks Jakub. The diagram on your blogpost is really nice.
So the Sudo Rules are cached by the NSS Responder (sssd_nss)?
On Wed, Nov 30, 2016 at 7:08 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
> On Wed, Nov 30, 2016 at 06:48:59AM -0800, Ali, Saqib wrote:
>> Newbie ques
Newbie question: What does the be stands for in sssd_be? And what is
the function of the sssd_be?
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Hello,
We currently use ldap_access_filter to control who can login into the
machine. But managing these ldap_access_filter across machines is
cumbersome. Is there a better way of implementing HBAC?
Thanks
Saqib
___
sssd-users mailing list --
12 matches
Mail list logo