[SSSD-users] Re: Do any commercial NAS vendors use the SSD ID mapping algorithm?

2022-05-04 Thread Joakim Tjernlund
On Thu, 2022-05-05 at 00:49 +0200, Joakim Tjernlund wrote: > On Wed, 2022-05-04 at 22:21 +, mythm...@runbox.com wrote: > > Thanks Spike! > > > > It looks like extending the AD to cater for UIDs and GIDs is the most > > supported and least effort change

[SSSD-users] Re: Do any commercial NAS vendors use the SSD ID mapping algorithm?

2022-05-04 Thread Joakim Tjernlund
On Wed, 2022-05-04 at 22:21 +, mythm...@runbox.com wrote: > Thanks Spike! > > It looks like extending the AD to cater for UIDs and GIDs is the most > supported and least effort change to allow us to use any NAS. > > If we get approval, we'll likely come up with a system to populate these >

[SSSD-users] Re: samba version as a fileserver with SSSD and AD - possible?

2021-08-06 Thread Joakim Tjernlund
It should work just fine, I think you should have idmap config XXX: backend = sss not idmap config XXX: backend = sssd though From: Cam Mac Sent: 06 August 2021 17:10 To: sssd-users@lists.fedorahosted.org Subject: [SSSD-users] samba version as a

[SSSD-users] Re: Announcing SSSD 2.5.0

2021-05-11 Thread Joakim Tjernlund
On Tue, 2021-05-11 at 11:09 +0200, Joakim Tjernlund wrote: > On Tue, 2021-05-11 at 10:25 +0200, Pavel Březina wrote: > > On 5/10/21 8:10 PM, Joakim Tjernlund wrote: > > > On Mon, 2021-05-10 at 16:01 +, Joakim Tjernlund wrote: > > > > On Mon, 2021-05-10 at 17

[SSSD-users] Re: Announcing SSSD 2.5.0

2021-05-11 Thread Joakim Tjernlund
On Tue, 2021-05-11 at 10:25 +0200, Pavel Březina wrote: > On 5/10/21 8:10 PM, Joakim Tjernlund wrote: > > On Mon, 2021-05-10 at 16:01 +0000, Joakim Tjernlund wrote: > > > On Mon, 2021-05-10 at 17:48 +0200, Pavel Březina wrote: > > > > On 5/10/21 5:12 PM, Joakim Tje

[SSSD-users] Re: Announcing SSSD 2.5.0

2021-05-10 Thread Joakim Tjernlund
On Mon, 2021-05-10 at 16:01 +, Joakim Tjernlund wrote: > On Mon, 2021-05-10 at 17:48 +0200, Pavel Březina wrote: > > On 5/10/21 5:12 PM, Joakim Tjernlund wrote: > > > On Mon, 2021-05-10 at 14:53 +, Joakim Tjernlund wrote: > > > > I decided to test new s

[SSSD-users] Re: Announcing SSSD 2.5.0

2021-05-10 Thread Joakim Tjernlund
On Mon, 2021-05-10 at 17:48 +0200, Pavel Březina wrote: > On 5/10/21 5:12 PM, Joakim Tjernlund wrote: > > On Mon, 2021-05-10 at 14:53 +0000, Joakim Tjernlund wrote: > > > I decided to test new sssd/KCM and this is what I get: > > > > > > - ssh from non

[SSSD-users] Re: Announcing SSSD 2.5.0

2021-05-10 Thread Joakim Tjernlund
On Mon, 2021-05-10 at 14:53 +, Joakim Tjernlund wrote: > I decided to test new sssd/KCM and this is what I get: > > - ssh from non sssd/krb machine to new sssd machine, entered password > ~ $ klist > Ticket cache: KCM:1001 > Default principal: jo...@infinera.com &

[SSSD-users] Re: Announcing SSSD 2.5.0

2021-05-10 Thread Joakim Tjernlund
I decided to test new sssd/KCM and this is what I get: - ssh from non sssd/krb machine to new sssd machine, entered password ~ $ klist Ticket cache: KCM:1001 Default principal: jo...@infinera.com Valid starting ExpiresService principal 10/05/21 16:47:32 11/05/21 02:47:32

[SSSD-users] Re: Funky machine accounts created, then adcli join will not correctly succeed.

2020-11-20 Thread Joakim Tjernlund
If you suspect adcli you can try git: https://cgit.freedesktop.org/realmd/adcli/log/ It was over a year since 0.9.0 was released. On Fri, 2020-11-20 at 10:03 -0600, Spike White wrote: All, This is just an annoyance that occurs periodically and we can't figure out why. We know how to remediate

[SSSD-users] Re: sssd: AD range retrieval fails when enumeration is enabled

2020-10-13 Thread Joakim Tjernlund
On Tue, 2020-10-13 at 16:28 +, Sanjay Agrawal wrote: > > > We are also running into same issue. Do we have any work around for this > issue. Please let me know, if you need any addtional data, We too :) ATM we can avoid using enumeration though. Jocke

[SSSD-users] Re: DNS updates, chicken-and-egg problem during join?

2020-09-19 Thread Joakim Tjernlund
On Fri, 2020-09-18 at 16:55 -0300, Andreas Hasenack wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > Hi, > > I'm verifying under which conditions sssd will

[SSSD-users] Re: Announcing SSSD 2.3.0

2020-05-19 Thread Joakim Tjernlund
On Tue, 2020-05-19 at 13:26 +, Joakim Tjernlund wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > On Tue, 2020-05-19 at 13:09 +0200, P

[SSSD-users] Re: Announcing SSSD 2.3.0

2020-05-19 Thread Joakim Tjernlund
On Tue, 2020-05-19 at 13:09 +0200, Pavel Březina wrote: Tried to build 2.3.0 and got this: ./configure --prefix=/usr --build=i686-pc-linux-gnu --host=i686-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib

[SSSD-users] Re: sssd behavior when most AD controllers blocked?

2020-05-11 Thread Joakim Tjernlund
On Mon, 2020-05-11 at 09:19 -0500, Spike White wrote: CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. All, sssd migration has been working very well for us -- except in the

[SSSD-users] Re: Use the users Kerberos credentials with 'ldap_sasl_mech = gssapi'

2019-12-06 Thread Joakim Tjernlund
On Fri, 2019-12-06 at 12:25 +0100, Sumit Bose wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > On Fri, Dec 06, 2019 at 11:15:46AM -, Jasper Siepkes wrote:

[SSSD-users] Re: enumerate = true strange/broken ?

2019-09-04 Thread Joakim Tjernlund
On Fri, 2019-08-30 at 18:52 +0200, Sumit Bose wrote: > > On Fri, Aug 30, 2019 at 04:07:39PM +, Joakim Tjernlund wrote: > > Decided to try out 2.2.1 and also gave enumerate a try and got somewhat > > strange results: > > > > sssd # getent gro

[SSSD-users] enumerate = true strange/broken ?

2019-08-30 Thread Joakim Tjernlund
Decided to try out 2.2.1 and also gave enumerate a try and got somewhat strange results: sssd # getent group cjhfj4j_admins:*:145421: No group members ? getent passwd Only list linux system users and myself Where are the rest of the users ? Jocke

[SSSD-users] Re: Replacement for Centrify adcert command

2019-08-15 Thread Joakim Tjernlund
On Thu, 2019-08-15 at 10:20 +0200, Sumit Bose wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > On Tue, Aug 13, 2019 at 02:05:06PM -0400, James Cassell wrote:

[SSSD-users] Re: [alexander.fier...@mpi-dortmund.mpg.de: enumerate in sssd.conf]

2019-06-05 Thread Joakim Tjernlund
I have noted that enumerate loses group members(getent group) somewhat randomly(each sssd restart has a different set of lost members) This happens in both 1.16.4 and 2.1.0 Fairly large group db, about 1550 groups On Wed, 2019-06-05 at 10:14 +0200, Jakub Hrozek wrote: Hi, I've set "enumerate =

[SSSD-users] Re: Announcing SSSD 2.1

2019-03-02 Thread Joakim Tjernlund
On Thu, 2019-02-28 at 09:56 +0100, Jakub Hrozek wrote: > > == SSSD 2.1 === > > The SSSD team is proud to announce the release of version 2.1 of > the System Security Services Daemon. > > As always, the source is available from >

[SSSD-users] Re: Samba 4.8, Winbind and SSSD

2019-01-11 Thread Joakim Tjernlund
On Fri, 2019-01-11 at 13:10 +0100, Sumit Bose wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > On Wed, Jan 09, 2019 at 11:28:24PM -, Carwyn Edwards wrote:

[SSSD-users] Re: Samba 4.8, Winbind and SSSD

2019-01-09 Thread Joakim Tjernlund
On Wed, 2019-01-09 at 23:28 +, Carwyn Edwards wrote: > > > We've just been bitten by the Samba 4.8 rebase in CentOS/RHEL 7.6, > specifically this bit from the RHEL 7.6 release notes: > > "The smbd service no longer queries user and group information from Active > Directory domain

[SSSD-users] Re: \groups: cannot find name for group ID #####\

2018-07-20 Thread Joakim Tjernlund
the interaction on this and thanks to sssdusers asking the original posted question. It really annoys our users On Fri, Jul 20, 2018 at 4:55 PM, Joakim Tjernlund wrote: > Start with replacing compat with files in nsswitch.conf > > > >

[SSSD-users] Re: "groups: cannot find name for group ID #####"

2018-07-20 Thread Joakim Tjernlund
Start with replacing compat with files in nsswitch.conf From: sssdusers.20.retin...@spamgourmet.com Sent: Friday, July 20, 2018 21:47 To: sssd-users@lists.fedorahosted.org Subject: [SSSD-users] "groups: cannot find name for group ID #" CAUTION: This email

[SSSD-users] Re: Announcing SSSD 1.16.2

2018-06-13 Thread Joakim Tjernlund
On Tue, 2018-06-12 at 20:56 +0200, Jakub Hrozek wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > On Tue, Jun 12, 2018 at 07:46:55PM +0200, Sumit Bose wrote: >

[SSSD-users] Re: Announcing SSSD 1.16.2

2018-06-12 Thread Joakim Tjernlund
, Sumit Bose wrote: > > On Mon, Jun 11, 2018 at 01:35:53PM +, Joakim Tjernlund wrote: > > > On Mon, 2018-06-11 at 14:09 +0200, Sumit Bose wrote: > > > > > > > > > > > > On Mon, Jun 11, 2018 at 10:50:09AM +, Joakim Tjernlund wrote

[SSSD-users] Re: Announcing SSSD 1.16.2

2018-06-11 Thread Joakim Tjernlund
On Mon, 2018-06-11 at 17:06 +0200, Lukas Slebodnik wrote: > > > On (11/06/18 13:35), Joakim Tjernlund wrote: > > On Mon, 2018-06-11 at 14:09 +0200, Sumit Bose wrote: > > > > > > > > > On Mon, Jun 11, 2018 at 10:50:09AM +, Joakim Tjernlund wrote:

[SSSD-users] Re: Announcing SSSD 1.16.2

2018-06-11 Thread Joakim Tjernlund
On Mon, 2018-06-11 at 14:09 +0200, Sumit Bose wrote: > > > On Mon, Jun 11, 2018 at 10:50:09AM +0000, Joakim Tjernlund wrote: > > On Mon, 2018-06-11 at 10:33 +, Joakim Tjernlund wrote: > > > CAUTION: This email originated from outside of the organization. Do not &

[SSSD-users] Re: Announcing SSSD 1.16.2

2018-06-11 Thread Joakim Tjernlund
On Mon, 2018-06-11 at 10:33 +, Joakim Tjernlund wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > On Mon, 2018-06-11 at 11:35 +0200, Mic

[SSSD-users] Re: Announcing SSSD 1.16.2

2018-06-11 Thread Joakim Tjernlund
On Fri, 2018-06-08 at 21:57 +0200, Jakub Hrozek wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > SSSD 1.16.2 > === > > The SSSD team is proud to

[SSSD-users] Re: Recommended ldb version

2018-05-16 Thread Joakim Tjernlund
that the version of ldb on your system is incompatible with your version of sssd? =G= On Wed, May 16, 2018 at 8:36 AM Joakim Tjernlund <joakim.tjernl...@infinera.com<mailto:joakim.tjernl...@infinera.com>> wrote: Which version(s) of ldb (http://ldb.samba.org) works well for sssd?

[SSSD-users] Recommended ldb version

2018-05-16 Thread Joakim Tjernlund
Which version(s) of ldb (http://ldb.samba.org) works well for sssd? I noticed I have 1.1.29 here which feels a bit old. Jocke ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to

[SSSD-users] Re: Missing keytab == no login ?

2018-04-24 Thread Joakim Tjernlund
On Tue, 2018-04-24 at 11:19 +0100, John Hodrien wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > On Tue, 24 Apr 2018, Joakim Tjernlund wrot

[SSSD-users] Re: Config for joining AD forest and Kerberos cross-domain authentication

2018-04-09 Thread Joakim Tjernlund
On Mon, 2018-04-09 at 16:35 +0200, Sumit Bose wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > On Fri, Apr 06, 2018 at 10:21:11PM +0200, Bastian Rosner wrote:

[SSSD-users] Re: Announcing SSSD 1.16.1

2018-03-13 Thread Joakim Tjernlund
On Mon, 2018-03-12 at 20:36 +0100, Jakub Hrozek wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > > On 12 Mar 2018, at 14:59, Joakim Tje

[SSSD-users] Re: Announcing SSSD 1.16.1

2018-03-12 Thread Joakim Tjernlund
On Sun, 2018-03-11 at 21:38 +0100, Jakub Hrozek wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > > On 9 Mar 2018, at 14:45, Joakim Tje

[SSSD-users] ETA release ?

2018-02-19 Thread Joakim Tjernlund
Seem to recall a new release of sssd was planned some time ago but I don't see one. Change of plans? To what? Jocke ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

[SSSD-users] Re: p11_child showing certificate on smart card not valid

2017-10-19 Thread Joakim Tjernlund
On Thu, 2017-10-19 at 14:13 +0200, Winberg, Adam wrote: > > Got smartcard auth working once I added my smart card cert to my user account > in AD. So thats good! Kerberos/pkinit seems to work also (I already had that > setup to work with pam_krb5 before), also good! > > But is adding the

[SSSD-users] Re: Kerberos Tickets not obtained until restart of SSSD

2017-10-09 Thread Joakim Tjernlund
On Wed, 2017-09-27 at 15:30 +, Sam Weston wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > Hi again, > > The issue with password caching seems to have

[SSSD-users] Re: test if machine is already joined?

2017-08-10 Thread Joakim Tjernlund
On Thu, 2017-08-10 at 11:12 -0500, Robert Giles wrote: > I'll throw this out there (there's no doubt a myriad of other, likely more > reliable ways to do this). > > In Puppet, I'm executing a 'join domain' script unless this condition is > true: > > ... >unless => "/usr/bin/klist -k

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-07-20 Thread Joakim Tjernlund
On Wed, 2017-07-19 at 17:34 +0200, Joakim Tjernlund wrote: > On Wed, 2017-07-19 at 16:42 +0200, Joakim Tjernlund wrote: > > On Wed, 2017-07-19 at 16:28 +0200, Jakub Hrozek wrote: > > > On Mon, May 29, 2017 at 01:45:00PM +, Joakim Tjernlund wrote: > >

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-07-19 Thread Joakim Tjernlund
On Wed, 2017-07-19 at 16:42 +0200, Joakim Tjernlund wrote: > On Wed, 2017-07-19 at 16:28 +0200, Jakub Hrozek wrote: > > On Mon, May 29, 2017 at 01:45:00PM +0000, Joakim Tjernlund wrote: > > > FYI, after reverting d3348f49260998880bb7cd3b2fb72d562b1b7a64 our expired > > >

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-07-19 Thread Joakim Tjernlund
On Wed, 2017-07-19 at 16:28 +0200, Jakub Hrozek wrote: > On Mon, May 29, 2017 at 01:45:00PM +0000, Joakim Tjernlund wrote: > > FYI, after reverting d3348f49260998880bb7cd3b2fb72d562b1b7a64 our expired > > ticket problem is no more. > > > > Jocke > > H

[SSSD-users] Re: 1.15.3/1.16 release timeframe?

2017-07-10 Thread Joakim Tjernlund
On Mon, 2017-07-10 at 16:04 +0200, Jakub Hrozek wrote: > On Tue, Jul 04, 2017 at 12:38:46AM +0300, Timo Aaltonen wrote: > > On 31.05.2017 10:53, Jakub Hrozek wrote: > > > On Wed, May 31, 2017 at 08:19:56AM +1000, Lachlan Musicman wrote: > > > > Hi all, > > > > > > > > I noticed a while ago that

[SSSD-users] Re: login hangs with enumerate = true

2017-06-13 Thread Joakim Tjernlund
On Tue, 2017-06-13 at 18:01 +0200, Jakub Hrozek wrote: > On Tue, Jun 13, 2017 at 12:12:05PM +0000, Joakim Tjernlund wrote: > > > It is now :) was in the wrong section before > > > > timeout = 30 in domain section SEEMS to help, no problem since yesterday. >

[SSSD-users] Re: login hangs with enumerate = true

2017-06-13 Thread Joakim Tjernlund
On Tue, 2017-06-13 at 17:59 +0200, Jakub Hrozek wrote: > On Tue, Jun 13, 2017 at 12:34:41PM +0000, Joakim Tjernlund wrote: > > > timeout = 30 in domain section SEEMS to help, no problem since yesterday. > > > What did I really do here? > > > > > > > H

[SSSD-users] Re: login hangs with enumerate = true

2017-06-13 Thread Joakim Tjernlund
On Tue, 2017-06-13 at 14:12 +0200, Joakim Tjernlund wrote: > On Mon, 2017-06-12 at 18:06 +0200, Joakim Tjernlund wrote: > > On Mon, 2017-06-12 at 17:51 +0200, Jakub Hrozek wrote: > > > On Mon, Jun 12, 2017 at 03:38:28PM +, Joakim Tjernlund wrote: > > > > On

[SSSD-users] Re: login hangs with enumerate = true

2017-06-13 Thread Joakim Tjernlund
On Mon, 2017-06-12 at 18:06 +0200, Joakim Tjernlund wrote: > On Mon, 2017-06-12 at 17:51 +0200, Jakub Hrozek wrote: > > On Mon, Jun 12, 2017 at 03:38:28PM +0000, Joakim Tjernlund wrote: > > > On Mon, 2017-06-12 at 17:32 +0200, Joakim Tjernlund wrote: > > > > On

[SSSD-users] Re: login hangs with enumerate = true

2017-06-12 Thread Joakim Tjernlund
On Mon, 2017-06-12 at 17:57 +0200, Jakub Hrozek wrote: > On Mon, Jun 12, 2017 at 03:21:43PM +0000, Joakim Tjernlund wrote: > > On Mon, 2017-06-12 at 16:01 +0200, Jakub Hrozek wrote: > > > On Mon, Jun 12, 2017 at 01:53:27PM +, Joakim Tjernlund wrote: > > > > On

[SSSD-users] Re: login hangs with enumerate = true

2017-06-12 Thread Joakim Tjernlund
On Mon, 2017-06-12 at 17:32 +0200, Joakim Tjernlund wrote: > On Mon, 2017-06-12 at 16:01 +0200, Jakub Hrozek wrote: > > On Mon, Jun 12, 2017 at 01:53:27PM +0000, Joakim Tjernlund wrote: > > > On Sun, 2017-06-11 at 20:55 +0200, Jakub Hrozek wrote: > > > > On Sat, Ju

[SSSD-users] Re: login hangs with enumerate = true

2017-06-12 Thread Joakim Tjernlund
On Mon, 2017-06-12 at 16:01 +0200, Jakub Hrozek wrote: > On Mon, Jun 12, 2017 at 01:53:27PM +0000, Joakim Tjernlund wrote: > > On Sun, 2017-06-11 at 20:55 +0200, Jakub Hrozek wrote: > > > On Sat, Jun 10, 2017 at 07:56:47AM +, Joakim Tjernlund wrote: > > > > On

[SSSD-users] Re: login hangs with enumerate = true

2017-06-12 Thread Joakim Tjernlund
On Mon, 2017-06-12 at 16:01 +0200, Jakub Hrozek wrote: > On Mon, Jun 12, 2017 at 01:53:27PM +0000, Joakim Tjernlund wrote: > > On Sun, 2017-06-11 at 20:55 +0200, Jakub Hrozek wrote: > > > On Sat, Jun 10, 2017 at 07:56:47AM +, Joakim Tjernlund wrote: > > > > On

[SSSD-users] Re: login hangs with enumerate = true

2017-06-12 Thread Joakim Tjernlund
On Sun, 2017-06-11 at 20:55 +0200, Jakub Hrozek wrote: > On Sat, Jun 10, 2017 at 07:56:47AM +0000, Joakim Tjernlund wrote: > > On Sat, 2017-06-10 at 08:24 +0200, Jakub Hrozek wrote: > > > On Fri, Jun 09, 2017 at 04:28:45PM +, Joakim Tjernlund wrote: > > > > bo

[SSSD-users] Re: login hangs with enumerate = true

2017-06-12 Thread Joakim Tjernlund
On Mon, 2017-06-12 at 09:19 +0100, John Hodrien wrote: > On Sun, 11 Jun 2017, Jakub Hrozek wrote: > > > Oh, sure. The other alternative might be to mount the cache to tmpfs. > > I'm an advocate of this method. With older versions of SSSD, against our > relatively large AD, the performance boost

[SSSD-users] Re: login hangs with enumerate = true

2017-06-10 Thread Joakim Tjernlund
On Sat, 2017-06-10 at 08:24 +0200, Jakub Hrozek wrote: > On Fri, Jun 09, 2017 at 04:28:45PM +0000, Joakim Tjernlund wrote: > > both 1.15.2 and git master hangs after less than 24 hour on > > a server. > > > > I can see this repeating the domain log: > > >

[SSSD-users] login hangs with enumerate = true

2017-06-09 Thread Joakim Tjernlund
both 1.15.2 and git master hangs after less than 24 hour on a server. I can see this repeating the domain log: (Fri Jun  9 18:21:49 2017) [sssd[be[infinera.com]]] [orderly_shutdown] (0x0010): SIGTERM: killing children (Fri Jun  9 18:21:49 2017) [sssd[be[infinera.com]]] [ldb] (0x0010): A

[SSSD-users] Re: sssd auto refresh of keytab entries?

2017-06-02 Thread Joakim Tjernlund
On Fri, 2017-06-02 at 11:37 +0200, Sumit Bose wrote: > On Fri, Jun 02, 2017 at 09:11:13AM +0000, Joakim Tjernlund wrote: > > Vi are seeing extra keytab entries in krb5.keytab here and there: > > klist -k > > > > 11 host/gento...@infinera.com > &

[SSSD-users] sssd auto refresh of keytab entries?

2017-06-02 Thread Joakim Tjernlund
Vi are seeing extra keytab entries in krb5.keytab here and there: klist -k 11 host/gento...@infinera.com 12 host/gento...@infinera.com ... I suspect sssd has added them, but why? and how? Jocke ___ sssd-users mailing list --

[SSSD-users] Re: 1.15.3/1.16 release timeframe?

2017-05-31 Thread Joakim Tjernlund
On Wed, 2017-05-31 at 15:41 +0200, Lukas Slebodnik wrote: > On (31/05/17 12:45), Joakim Tjernlund wrote: > > On Wed, 2017-05-31 at 10:54 +0200, Jakub Hrozek wrote: > > > On Wed, May 31, 2017 at 10:09:26AM +0200, Lukas Slebodnik wrote: > > > > On (31/05/17

[SSSD-users] Re: 1.15.3/1.16 release timeframe?

2017-05-31 Thread Joakim Tjernlund
On Wed, 2017-05-31 at 10:54 +0200, Jakub Hrozek wrote: > On Wed, May 31, 2017 at 10:09:26AM +0200, Lukas Slebodnik wrote: > > On (31/05/17 08:19), Lachlan Musicman wrote: > > > Hi all, > > > > > > I noticed a while ago that 1.15.3 was versioned in the repo but I've not > > > seen anything

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-05-29 Thread Joakim Tjernlund
On Tue, 2017-05-23 at 17:40 +0200, Joakim Tjernlund wrote: > On Tue, 2017-05-23 at 15:45 +0200, Joakim Tjernlund wrote: > > On Tue, 2017-05-23 at 15:31 +0200, Jakub Hrozek wrote: > > > On Tue, May 23, 2017 at 01:03:49PM +, Joakim Tjernlund wrote: > > > > On

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-05-23 Thread Joakim Tjernlund
On Tue, 2017-05-23 at 15:45 +0200, Joakim Tjernlund wrote: > On Tue, 2017-05-23 at 15:31 +0200, Jakub Hrozek wrote: > > On Tue, May 23, 2017 at 01:03:49PM +0000, Joakim Tjernlund wrote: > > > On Tue, 2017-05-23 at 11:40 +0200, Lukas Slebodnik wrote: > > > > On (23/

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-05-23 Thread Joakim Tjernlund
On Tue, 2017-05-23 at 15:31 +0200, Jakub Hrozek wrote: > On Tue, May 23, 2017 at 01:03:49PM +0000, Joakim Tjernlund wrote: > > On Tue, 2017-05-23 at 11:40 +0200, Lukas Slebodnik wrote: > > > On (23/05/17 09:19), Joakim Tjernlund wrote: > > > > On Tue, 2017-05-23 a

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-05-23 Thread Joakim Tjernlund
On Tue, 2017-05-23 at 11:40 +0200, Lukas Slebodnik wrote: > On (23/05/17 09:19), Joakim Tjernlund wrote: > > On Tue, 2017-05-23 at 11:07 +0200, Lukas Slebodnik wrote: > > > On (23/05/17 08:39), Joakim Tjernlund wrote: > > > > On Tue, 2017-05-23 at 10:11

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-05-23 Thread Joakim Tjernlund
On Tue, 2017-05-23 at 11:07 +0200, Lukas Slebodnik wrote: > On (23/05/17 08:39), Joakim Tjernlund wrote: > > On Tue, 2017-05-23 at 10:11 +0200, Joakim Tjernlund wrote: > > > On Mon, 2017-05-22 at 22:29 +0200, Lukas Slebodnik wrote: > > > > On (22/05/17

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-05-23 Thread Joakim Tjernlund
On Tue, 2017-05-23 at 10:11 +0200, Joakim Tjernlund wrote: > On Mon, 2017-05-22 at 22:29 +0200, Lukas Slebodnik wrote: > > On (22/05/17 14:53), Joakim Tjernlund wrote: > > > > The time is not synchronised between client and server. > > > > MIT krb5 can handle

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-05-23 Thread Joakim Tjernlund
On Mon, 2017-05-22 at 22:29 +0200, Lukas Slebodnik wrote: > On (22/05/17 14:53), Joakim Tjernlund wrote: > > > The time is not synchronised between client and server. > > > MIT krb5 can handle small offset. But I would highly recommends > > > to keep time in syn

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-05-22 Thread Joakim Tjernlund
On Mon, 2017-05-22 at 16:38 +0200, Lukas Slebodnik wrote: > On (22/05/17 06:51), Joakim Tjernlund wrote: > > On Fri, 2017-05-19 at 16:59 +0200, Lukas Slebodnik wrote: > > > On (19/05/17 14:41), Joakim Tjernlund wrote: > > > > On Fri, 2017-05-19 at 16:3

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-05-19 Thread Joakim Tjernlund
On Fri, 2017-05-19 at 16:59 +0200, Lukas Slebodnik wrote: > On (19/05/17 14:41), Joakim Tjernlund wrote: > > On Fri, 2017-05-19 at 16:34 +0200, Lukas Slebodnik wrote: > > > On (19/05/17 14:07), Joakim Tjernlund wrote: > > > > Will do over the week end > > &

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-05-19 Thread Joakim Tjernlund
On Fri, 2017-05-19 at 16:34 +0200, Lukas Slebodnik wrote: > On (19/05/17 14:07), Joakim Tjernlund wrote: > > On Fri, 2017-05-19 at 15:24 +0200, Lukas Slebodnik wrote: > > > On (19/05/17 12:50), Joakim Tjernlund wrote: > > > > On Fri, 2017-05-19 at 14:1

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-05-19 Thread Joakim Tjernlund
On Fri, 2017-05-19 at 15:24 +0200, Lukas Slebodnik wrote: > On (19/05/17 12:50), Joakim Tjernlund wrote: > > On Fri, 2017-05-19 at 14:14 +0200, Lukas Slebodnik wrote: > > > On (19/05/17 12:07), Joakim Tjernlund wrote: > > > > On Fri, 2017-05-19 at 13:4

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-05-19 Thread Joakim Tjernlund
On Fri, 2017-05-19 at 13:22 +0200, Lukas Slebodnik wrote: > On (19/05/17 10:37), Joakim Tjernlund wrote: > > On Thu, 2017-05-18 at 11:40 -0400, Striker Leggette wrote: > > > I can understand the first unlock from waking up from sleep.  For the > > > second, bump your

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-05-19 Thread Joakim Tjernlund
On Fri, 2017-05-19 at 14:14 +0200, Lukas Slebodnik wrote: > On (19/05/17 12:07), Joakim Tjernlund wrote: > > On Fri, 2017-05-19 at 13:43 +0200, Lukas Slebodnik wrote: > > > On (19/05/17 11:31), Joakim Tjernlund wrote: > > > > On Fri, 2017-05-19 at 13:2

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-05-19 Thread Joakim Tjernlund
On Fri, 2017-05-19 at 13:43 +0200, Lukas Slebodnik wrote: > On (19/05/17 11:31), Joakim Tjernlund wrote: > > On Fri, 2017-05-19 at 13:22 +0200, Lukas Slebodnik wrote: > > > On (19/05/17 10:37), Joakim Tjernlund wrote: > > > > On Thu, 2017-05-18 at 11:40 -0400, Strik

[SSSD-users] Re: kerberos ticket not renewed in 15.2/master

2017-05-19 Thread Joakim Tjernlund
s database failed [5]: Input/output error (Fri May 19 12:25:48 2017) [sssd[be[infinera.com]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'sv-dc02.infinera.com': Could not contact DNS servers > > On 05/18/2017 10:58 AM, Joakim Tjernlund wrote: > > Sequ

[SSSD-users] kerberos ticket not renewed in 15.2/master

2017-05-18 Thread Joakim Tjernlund
Sequence: login into MATE or Plasma suspend to ram wait until krbtgt expires wakeup computer unlock screen klist will show the old expired ticket. lock/unlock screen again(well after networking is up) klist still shows the old ticket. No SSO/NFS possible until manually doing a kinit to get a

[SSSD-users] Re: adcli -v info SEGVs

2017-03-29 Thread Joakim Tjernlund
r can be NULL otherwise Jocke On Wed, 2017-03-29 at 20:36 +0200, Joakim Tjernlund wrote: > Got a BT now as well: > ore was generated by `adcli -v info INFINERA.COM'. > Program terminated with signal SIGSEGV, Segmentation fault. > #0  0x0041087e in parse_disco_data (bv=0x7ffcb

[SSSD-users] adcli -v info SEGVs

2017-03-29 Thread Joakim Tjernlund
On and off I see adcli 0.8.2 SEGV, I can provoke SEGV using adcli -v info INFINERA.COM: adcli -v info INFINERA.COM  * Discovering domain controllers: _ldap._tcp.INFINERA.COM  * Sending netlogon pings to domain controller: cldap://10.120.34.22  * Sending netlogon pings to domain controller:

[SSSD-users] Re: KRB5CCNAME hardcoded?

2017-03-29 Thread Joakim Tjernlund
On Wed, 2017-03-29 at 19:21 +0200, Joakim Tjernlund wrote: > On Wed, 2017-03-29 at 18:41 +0200, Sumit Bose wrote: > > On Wed, Mar 29, 2017 at 04:16:47PM +0000, Joakim Tjernlund wrote: > > > On Wed, 2017-03-29 at 16:10 +0200, Sumit Bose wrote: > > > > On Wed, Ma

[SSSD-users] Re: KRB5CCNAME hardcoded?

2017-03-29 Thread Joakim Tjernlund
On Wed, 2017-03-29 at 18:41 +0200, Sumit Bose wrote: > On Wed, Mar 29, 2017 at 04:16:47PM +0000, Joakim Tjernlund wrote: > > On Wed, 2017-03-29 at 16:10 +0200, Sumit Bose wrote: > > > On Wed, Mar 29, 2017 at 01:48:07PM +, Joakim Tjernlund wrote: > > > >

[SSSD-users] Re: KRB5CCNAME hardcoded?

2017-03-29 Thread Joakim Tjernlund
On Wed, 2017-03-29 at 16:10 +0200, Sumit Bose wrote: > On Wed, Mar 29, 2017 at 01:48:07PM +0000, Joakim Tjernlund wrote: > > I have tried to set KRB5CCNAME to something predicable, both in > > sssd.conf(krb5_ccname_template = FILE:/tmp/krb5cc_:%U) > > and > > krb5.conf

[SSSD-users] Re: NT_STATUS_LOGON_FAILURE on Debian 9 with kerberos and sssd libwbclient

2017-03-24 Thread Joakim Tjernlund
On Fri, 2017-03-24 at 10:55 +0100, Joakim Tjernlund wrote: > On Fri, 2017-03-24 at 10:50 +0100, Sumit Bose wrote: > > On Fri, Mar 24, 2017 at 09:19:10AM -, Martin Scott wrote: > > > Hi, > > > > > > I have Debian 9 samba installed with sssd. > > >

[SSSD-users] Re: NT_STATUS_LOGON_FAILURE on Debian 9 with kerberos and sssd libwbclient

2017-03-24 Thread Joakim Tjernlund
On Fri, 2017-03-24 at 10:50 +0100, Sumit Bose wrote: > On Fri, Mar 24, 2017 at 09:19:10AM -, Martin Scott wrote: > > Hi, > > > > I have Debian 9 samba installed with sssd. > > > > Samba Version 4.5.6-Debian > > SSSD 1.15.0 > > > > I have configured samba to use the sssd libwbclient but keep

[SSSD-users] Re: libwbclient broken in sssd 1.15 ?

2017-02-13 Thread Joakim Tjernlund
On Mon, 2017-02-13 at 09:32 +0100, Sumit Bose wrote: > On Sat, Feb 11, 2017 at 08:29:18PM +0000, Joakim Tjernlund wrote: > > On Sat, 2017-02-11 at 21:25 +0100, Joakim Tjernlund wrote: > > > On Sat, 2017-02-11 at 20:32 +0100, Lukas Slebodnik wrote: > > > > On (11/

[SSSD-users] Re: libwbclient broken in sssd 1.15 ?

2017-02-11 Thread Joakim Tjernlund
On Sat, 2017-02-11 at 21:25 +0100, Joakim Tjernlund wrote: > On Sat, 2017-02-11 at 20:32 +0100, Lukas Slebodnik wrote: > > On (11/02/17 19:10), Joakim Tjernlund wrote: > > > I can not get libwbclient in sssd 1.15 work at all for samba. > > > samba log is not helpful ei

[SSSD-users] Re: libwbclient broken in sssd 1.15 ?

2017-02-11 Thread Joakim Tjernlund
On Sat, 2017-02-11 at 20:32 +0100, Lukas Slebodnik wrote: > On (11/02/17 19:10), Joakim Tjernlund wrote: > > I can not get libwbclient in sssd 1.15 work at all for samba. > > samba log is not helpful either:  > > [2017/02/11 20:08:47.742465,  1, pid=21157, effec

[SSSD-users] SSSD not reregister DDNS when interface goes up down

2017-02-10 Thread Joakim Tjernlund
Starting up with eth0 plugged I gest DNS registered. But if I pull eth0 and enable WiFi I get a new IP but the old IP is still in DNS. Restarting sssd register the new WiFi IP. Bug or feature ?  Jocke ___ sssd-users mailing list --

[SSSD-users] Re: uid -> sid mapping in Samba with sssd

2017-01-26 Thread Joakim Tjernlund
On Thu, 2017-01-26 at 09:35 +0100, Sumit Bose wrote: > On Wed, Jan 25, 2017 at 10:54:17PM -, smfre...@gmail.com wrote: > > It wasn't obvious from the documentation whether with sssd-libwbclient > > (only, ie without sssd-winbind-idmap installed and configured in smb.conf, > > since

[SSSD-users] Re: [SSSD] Re: Announcing SSSD 1.14.2

2016-11-07 Thread Joakim Tjernlund
On Mon, 2016-11-07 at 12:08 +0100, Lukas Slebodnik wrote: > On (20/10/16 06:58), Joakim Tjernlund wrote: > > > > On Wed, 2016-10-19 at 21:48 +0200, Jakub Hrozek wrote: > > > > > > === SSSD 1.14.2 === > > > > > > The SSSD team

[SSSD-users] Re: Joining AD with adcli, strange error

2016-10-28 Thread Joakim Tjernlund
On Fri, 2016-10-28 at 17:15 +0200, Sumit Bose wrote: > On Tue, Oct 25, 2016 at 12:58:06PM +0000, Joakim Tjernlund wrote: > > > > On Tue, 2016-10-25 at 13:40 +0200, Joakim Tjernlund wrote: > > > > > > On Mon, 2016-08-29 at 09:52 +0200, Sumit Bose wrote: > &g

[SSSD-users] Re: Joining AD with adcli, strange error

2016-10-28 Thread Joakim Tjernlund
On Fri, 2016-10-28 at 16:52 +0200, Sumit Bose wrote: > On Tue, Oct 25, 2016 at 11:39:33AM +0000, Joakim Tjernlund wrote: > > > > On Mon, 2016-08-29 at 09:52 +0200, Sumit Bose wrote: > > > > > > On Mon, Aug 29, 2016 at 07:20:33AM +, Joakim Tjernlund wrote:

[SSSD-users] Re: Joining AD with adcli, strange error

2016-10-25 Thread Joakim Tjernlund
On Tue, 2016-10-25 at 13:40 +0200, Joakim Tjernlund wrote: > On Mon, 2016-08-29 at 09:52 +0200, Sumit Bose wrote: > > > > On Mon, Aug 29, 2016 at 07:20:33AM +, Joakim Tjernlund wrote: > > > > > > > > > On Mon, 2016-08-29 at 06:55 +, Ondrej Valou

[SSSD-users] Re: Joining AD with adcli, strange error

2016-10-25 Thread Joakim Tjernlund
On Mon, 2016-08-29 at 09:52 +0200, Sumit Bose wrote: > On Mon, Aug 29, 2016 at 07:20:33AM +0000, Joakim Tjernlund wrote: > > > > On Mon, 2016-08-29 at 06:55 +, Ondrej Valousek wrote: > > > > > > Looks like adcli was unable to detect your site - you fou

[SSSD-users] Re: Announcing SSSD 1.14.2

2016-10-20 Thread Joakim Tjernlund
On Thu, 2016-10-20 at 12:18 +0200, Lukas Slebodnik wrote: > On (20/10/16 08:44), Joakim Tjernlund wrote: > > > > On Thu, 2016-10-20 at 10:16 +0200, Lukas Slebodnik wrote: > > > > > > On (20/10/16 09:27), Jakub Hrozek wrote: > > > > > > &g

[SSSD-users] Re: Announcing SSSD 1.14.2

2016-10-20 Thread Joakim Tjernlund
On Thu, 2016-10-20 at 10:16 +0200, Lukas Slebodnik wrote: > On (20/10/16 09:27), Jakub Hrozek wrote: > > > > On Thu, Oct 20, 2016 at 06:58:53AM +, Joakim Tjernlund wrote: > > > > > > On Wed, 2016-10-19 at 21:48 +0200, Jakub Hrozek wrote: > > > &

[SSSD-users] Re: Announcing SSSD 1.14.2

2016-10-20 Thread Joakim Tjernlund
On Wed, 2016-10-19 at 21:48 +0200, Jakub Hrozek wrote: > === SSSD 1.14.2 === > > The SSSD team is proud to announce the release of version 1.14.2 of > the System Security Services Daemon. > > As always, the source is available from https://fedorahosted.org/sssd > > RPM

[SSSD-users] Re: samba 4.2.11, 4.2.14 and sssd?

2016-09-14 Thread Joakim Tjernlund
On Wed, 2016-09-14 at 10:39 +0200, Sumit Bose wrote: > On Tue, Sep 13, 2016 at 01:43:06PM +0000, Joakim Tjernlund wrote: > > > > On Tue, 2016-09-13 at 11:39 +0200, Sumit Bose wrote: > > > > > > On Mon, Sep 12, 2016 at 04:30:02PM +, Joakim Tjernlund wrote:

[SSSD-users] TGT for cross realm?

2016-09-14 Thread Joakim Tjernlund
Is there a way to configure SSSD to request extra TGTs for other domains than the default login domain? I would like to have TGT for both my domains (same user and pw on both domains)  Jocke ___ sssd-users mailing list sssd-users@lists.fedorahosted.org

[SSSD-users] Re: samba 4.2.11, 4.2.14 and sssd?

2016-09-12 Thread Joakim Tjernlund
> > > sssd-libwbclient does not implement all functions. That's reason why it > > > is not > > > a default; and just an alternative. > > > > hmm, then I wonder why my samba stopped working just from moving from samba > > 3.6.25 to 4.2.11/14 > > Maybe some bug in samba/my smb.conf ? > > The

  1   2   >