[SSSD-users] Re: username is mapped to username\@MYDOMAIN.COM\@mydomain....@mydomain.com in kerberos

2017-03-09 Thread Maciej Piechotka
Ok. Removing and recreating /var/lib/sssd worked. Thank you very much. > On Thu, Mar 09, 2017 at 12:14:08AM -, Maciej Piechotka wrote: > > It looks like due to the misconfiguration(?) SSSD stored a wrong > representation of the canonical Kerberos principal in its cache. I think > the only

[SSSD-users] Re: el6 1.15.1 diff from 1.14.2 cannot use 2FA

2017-03-09 Thread Sumit Bose
On Thu, Mar 09, 2017 at 10:12:09AM -0500, Mario Rossi wrote: > Hi, > > I pulled the unofficial 1.15.1 el6 sssd and installed it today on a host > where RSA securid is used ( RSA + openldap) . I am trying to log in to the > server and I am getting ( please note pam_unix fails but that's fine as we

[SSSD-users] el6 1.15.1 diff from 1.14.2 cannot use 2FA

2017-03-09 Thread Mario Rossi
Hi, I pulled the unofficial 1.15.1 el6 sssd and installed it today on a host where RSA securid is used ( RSA + openldap) . I am trying to log in to the server and I am getting ( please note pam_unix fails but that's fine as we use ldap ) : Mar 9 09:17:38 barni sshd[7597]: error: PAM:

[SSSD-users] Windows ACL's not set through samba

2017-03-09 Thread Martin Scott
Hi, I have a debian 9 (stretch) samba domain member. I am using sssd rather than winbind and also managing samba with ctdb as this will eventually run in a clustered environment. I have inherited the configuration for this that has only been previously tested with public shares. I am not a

[SSSD-users] Re: Samba issue using sssd and AD authentication

2017-03-09 Thread John Beranek
On 9 March 2017 at 12:06, John Beranek wrote: > On 9 March 2017 at 10:29, John Beranek wrote: >> So, an update on this - I left the server for a day, and Samba has >> stopped authenticating. Samba log says: >> [snip] >> >> So, adcli updated the keytab, but

[SSSD-users] Re: Samba issue using sssd and AD authentication

2017-03-09 Thread John Beranek
On 9 March 2017 at 10:29, John Beranek wrote: > So, an update on this - I left the server for a day, and Samba has > stopped authenticating. Samba log says: > > [2017/03/09 10:21:48.814799, 3] smbd/process.c:1609(process_smb) > Transaction 9 of length 2670 (0 toread) >

[SSSD-users] Re: Samba issue using sssd and AD authentication

2017-03-09 Thread John Beranek
So, an update on this - I left the server for a day, and Samba has stopped authenticating. Samba log says: [2017/03/09 10:21:48.814799, 3] smbd/process.c:1609(process_smb) Transaction 9 of length 2670 (0 toread) [2017/03/09 10:21:48.814904, 3] smbd/process.c:1414(switch_message) switch

[SSSD-users] Re: Disabling SMBv1 on DC breaks authentication from clients

2017-03-09 Thread Sumit Bose
On Thu, Mar 09, 2017 at 10:05:33AM +0100, Jakub Hrozek wrote: > On Mon, Mar 06, 2017 at 01:30:25PM -0600, Brenden Morgenthaler wrote: > > It does appear to be GPO access, from the gpo_child.log (getting a tarball > > up somewhere to download also). > > > > (Mon Mar 6 13:18:13 2017)

[SSSD-users] Re: Disabling SMBv1 on DC breaks authentication from clients

2017-03-09 Thread Jakub Hrozek
On Mon, Mar 06, 2017 at 01:30:25PM -0600, Brenden Morgenthaler wrote: > It does appear to be GPO access, from the gpo_child.log (getting a tarball up > somewhere to download also). > > (Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0400): > gpo_child started. > (Mon Mar 6

[SSSD-users] Re: Setting ACLs through Samba from Windows?

2017-03-09 Thread Omen Wild
I thought I had some clues. In Windows the groups show as "metro-us-adm...@ou.ad3.ucdavis.edu (Unix Group\metro-us-adm...@ou.ad3.ucdavis.edu)" (see attached screenshot). Earlier today I had the following permissions on a folder: # file: metro-us-admins/ # owner: root # group:

[SSSD-users] Re: [Freeipa-interest] Announcing SSSD 1.15.1

2017-03-09 Thread Dave Sirrine
Big win for many: Local files and fallback... I've socialized. Thank you! Regards, David Sirrine Principal Technical Account Manager, Public Sector Strategic Customer Engagement 804-343-6037 (Office) 804-212-7510 (Cell) On Mon, Mar 6, 2017 at 2:13 PM, Ellen Newlands wrote:

[SSSD-users] Re: Disabling SMBv1 on DC breaks authentication from clients

2017-03-09 Thread Brenden Morgenthaler
It does appear to be GPO access, from the gpo_child.log (getting a tarball up somewhere to download also). (Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0400): gpo_child started. (Mon Mar 6 13:18:13 2017) [[sssd[gpo_child[24538]]]] [main] (0x0400): context initialized (Mon

[SSSD-users] Re: username is mapped to username\@MYDOMAIN.COM\@mydomain....@mydomain.com in kerberos

2017-03-09 Thread Sumit Bose
On Thu, Mar 09, 2017 at 12:14:08AM -, Maciej Piechotka wrote: > On one computer (Arch) I have misconfigured sssd and when I try to use PAM > sssd tries to get ticket for > username\@MYDOMAIN.COM\@mydomain@mydomain.com. On others (Gentoo) it > works fine. It looks like due to the