On Wed, Sep 26, 2012 at 07:37:50PM +, Rosile, Mike wrote:
I have somewhat of a unique situation which causes the userPrincipalName
value in Active Directory to use a public DNS domain as its realm, but the
Active Directory was designed with a private DNS domain.
For example, user John
On Tue, Oct 16, 2012 at 01:25:00PM +, Longina Przybyszewska wrote:
Sure, but I guess with sssd it should be simpler ( if it is possible).
As me and Stephen said, with SSSD 1.9, the configuration is quite easy,
no need for NIS. In combination with the realmd project, even joining the
domain
Hi,
even though RHEL-6.4 is still brewing, I think there might be some
interest in trying out the 1.9.x series of the SSSD on RHEL-6.3.
So I went ahead and built the SSSD 1.9.2 in a RHEL-6.3 buildroot:
http://repos.fedorapeople.org/repos/jhrozek/sssd/epel-6/
The NVR of these test packages will
On Wed, Oct 24, 2012 at 03:55:27PM +, Longina Przybyszewska wrote:
Hi again,
Ubuntu-quantal - sssd-1.9.1
Can start sssd in interactive mode , but cannot start it from init scripts as
a deamon
with -D -f -d3 options
/etc/ssd/sssd.conf mode 600
longina
Is there anything in
On Thu, Oct 25, 2012 at 05:43:12AM -0400, Stephen Gallagher wrote:
On 10/24/2012 05:49 PM, Paul B. Henson wrote:
We're working on transitioning from RHEL5 to RHEL6 and have run into a
bit of a problem with sssd and our ldap integration.
We have a number of groups with a very large number of
On Thu, Oct 25, 2012 at 01:48:49PM +0200, Tomas Brandysky wrote:
On 10/25/2012 11:36 AM, Sumit Bose wrote:
On Thu, Oct 25, 2012 at 10:36:05AM +0200, Tomas Brandysky wrote:
Hello,
we're upgrading from Centos 5.8 to Centos 6.3 and have realized few
things have changed in the system.
On Fri, Oct 26, 2012 at 11:10:45AM +0200, Tomas Brandysky wrote:
You can also use a comma-separated list in the ldap_access_order
parameter of sssd.conf and then define both service and host for a user.
this is not a solution because defining service for user in LDAP means
to grant user
On Fri, Nov 09, 2012 at 03:23:55PM -0500, Dmitri Pal wrote:
On 11/09/2012 07:27 AM, Longina Przybyszewska wrote:
Hi again,
Here you are all logs after 'getent passwd imadatestuser'
root@victoria:/var/log/sssd# cat /etc/sssd/sssd.conf | grep -v ^#
[sssd]
debug_level = 0x1310
On Tue, Nov 13, 2012 at 05:02:13PM +0100, Ondrej Valousek wrote:
Hi List,
Is sss_cache (as of version 1.9.2) supposed to work for automount maps (i.e.
-a -A parameters)?
It seems to me that it is not working - maps are not reloaded (tcpdump port
ldap says nothing)
Just asking first
On Mon, Jan 14, 2013 at 04:41:42PM -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon 14 Jan 2013 04:28:57 PM EST, Jakub Hrozek wrote:
On Mon, Jan 14, 2013 at 08:37:56PM +, Daniel Laird wrote:
I am stuck with Ubuntu 10.04 (no chance of upgrading our
Hi,
the recent security issue means we need to release a 1.8.6 LTM release
upstream as well.
I plan on releasing 1.8.6 with fixes listed below. Does the list makes
sense for everybody? Would you like to add some fixes that went upstream
but may not be fixed in your distribution or release you
and takes ~60s to return to shell if member dn
is incorrect
https://fedorahosted.org/sssd/ticket/1787
reset the release in upstream spec before releasing 1.9.4
== Detailed Changelog ==
Jakub Hrozek (47):
* Updating the version for the 1.9.4 release
* SUDO: strdup the input variable
Changelog ==
Jakub Hrozek (9):
* Updating the version for the 1.8.6 release
* Initialize Kerberos ticket renewal in the IPA provider
* LDAP: Check validity of naming_context
* Free the internal DP request
* Do not always return PAM_SYSTEM_ERR when offline krb5 authentication fails
* NSS: Fix
On Thu, Feb 14, 2013 at 11:24:23AM +, Longina Przybyszewska wrote:
UID/GID allocating – is my missing link.
We need to renumber at least UIDs as they overlap across NIS domains.
As all users have in advance AD account it seems obvious to me to generate
posix uid based on AD IDs.
If
On Mon, Feb 18, 2013 at 12:12:32AM -0600, Anthony Messina wrote:
I have just upgraded a few of my machines from Fedora 17 to Fedora 18
(sssd-1.9.4-3.fc18.x86_64) and on the F18 machines, users are now presented
with the Your password will expire in 204 days... message. All machines
are
On Wed, Feb 20, 2013 at 08:23:04AM +0100, Michael Ströder wrote:
Pavel Březina wrote:
But I'm struggling that groups are not correctly retrieved - see my last
attempt of sssd.conf attached.
1. After login id does not show the user's groups although the OpenLDAP
logs
show that group
On Wed, Feb 20, 2013 at 08:56:10AM -0800, Scott Classen wrote:
Well I got SSSD and LDAP working so I thought I'd post something here for
posterity's sake.
On Feb 19, 2013, at 5:22 PM, Dmitri Pal wrote:
On 02/19/2013 05:01 PM, Scott Classen wrote:
Hello,
sssd appears to bind
On Wed, Feb 20, 2013 at 09:39:26PM +0100, Michael Ströder wrote:
Jakub Hrozek wrote:
Feel free to ping this list again if you
can't get the sudo integration working. Please note you need relatively
recent sudo built with the --with-sssd (not sure if Debian would do that
even in -unstable
On Wed, Feb 20, 2013 at 01:20:23PM -0800, Scott Classen wrote:
On Feb 20, 2013, at 12:41 PM, Jakub Hrozek wrote:
So the solution was to add the following line to my sssd.conf file
enumerate = true
That's it.
Everything works now.
id username returns useful information
=== A security bug in SSSD 1.9 ===
=
= Subject: A simple access provider flaw prevents intended ACL use
= when SSSD is configured as an Active Directory client
=
= CVE ID#: CVE-2013-0287
=
= Summary: When SSSD is
On Wed, Mar 20, 2013 at 08:12:33AM -0400, Simo Sorce wrote:
On Wed, 2013-03-20 at 10:19 +0100, Pavel Březina wrote:
Hi,
I'm afraid we support ssh keys only with IPA backend at the moment.
Should we open a RFE to make it available with other backends too ?
This is already part of
On Wed, Mar 20, 2013 at 12:26:51PM -0400, Mathieu Lemoine wrote:
My Bad... And there we go, everything seems to be working just fine.
Thank you very much for your help!
I'll give it a rest for a couple of days to make sure the cache is working
fine for my use case and then I'll document my
On Sun, Mar 31, 2013 at 02:52:58PM +0100, Rowland Penny wrote:
On 29/03/13 11:21, Jakub Hrozek wrote:
On Thu, Mar 28, 2013 at 09:22:32PM +, Rowland Penny wrote:
Hello, I am trying to use sssd instead of winbind against a samba 4
AD server. After looking around the internet, I have got
/sssd/ticket/1840
Add --with-test-dir=/dev/shm to DISTCHECK_CONFIGURE_FLAGS
== Detailed Changelog ==
Abhishek Singh (1):
* filename in comment is corrected
Ariel Barria (1):
* Improve syslog message when configuration cannot be loaded
Jakub Hrozek (44):
* Bump version
On Tue, Apr 02, 2013 at 02:55:23PM -0400, Sutton, Harry (GSSE) wrote:
Okay, I have AD sign-on working on my Fedora 18 laptop, but when I
disconnect from the network and attempt to login, I get an
authentication failure.
In krb5_child, I can see that it recognizes my attempt as offline
On Tue, Apr 02, 2013 at 02:55:23PM -0400, Sutton, Harry (GSSE) wrote:
In /var/log/sssd/sssd_DOMAIN, I see this [krb5_auth_send]
(0x0100): Home directory for user [SuttonH] not known. A Google
search suggests this was a problem in the past, perhaps fixed now?
But I wonder if it's related to my
On Tue, Apr 02, 2013 at 09:39:19PM +, Sutton, Harry (GSSE) wrote:
Yes, sorry, I should have confirmed that.
/Harry
OK, then what does /var/log/secure have to say? Do you see pam_sss
contacted at all? If so, is anything interesting in /var/log/sssd/*.log
?
I use cached
On Wed, Apr 03, 2013 at 07:51:31AM -0400, Sutton, Harry (GSSE) wrote:
On 04/02/2013 06:04 PM, Jakub Hrozek wrote:
On Tue, Apr 02, 2013 at 09:39:19PM +, Sutton, Harry (GSSE) wrote:
Yes, sorry, I should have confirmed that.
/Harry
OK, then what does /var/log/secure have to say? Do
On Thu, Apr 04, 2013 at 09:35:00PM -0400, Sutton, Harry (GSSE) wrote:
On 04/04/2013 01:07 PM, Dmitri Pal wrote:
How SSH is configured on the RHEL box?
Does it use GSSAPI Authentication?
The version in F18 should be very close to version in RHEL 6.4.
Are your sssd.conf files in any way
On Wed, Apr 03, 2013 at 10:38:46AM -0400, Sutton, Harry (GSSE) wrote:
On 04/03/2013 10:26 AM, Jakub Hrozek wrote:
On Wed, Apr 03, 2013 at 10:08:53AM -0400, Sutton, Harry (GSSE) wrote:
On 04/03/2013 09:56 AM, Jakub Hrozek wrote:
Ok, the name might be different (cased perhaps), can you try
On Fri, Apr 05, 2013 at 12:26:26PM +0100, Rowland Penny wrote:
Hi,
There appears to be a problem with sssd 1.9.4 on Ubuntu 12.04
server. if apparmor is installed it takes a very long time to
install via apt-get and then will not start correctly, it hangs
forever and if you stop it with
On Fri, Apr 05, 2013 at 05:36:32PM +0100, Rowland Penny wrote:
On 05/04/13 17:05, Andreas Schneider wrote:
On Friday 05 April 2013 15:54:41 Rowland Penny wrote:
On 05/04/13 15:35, Jakub Hrozek wrote:
On Wed, Apr 03, 2013 at 11:20:44AM +0100, Rowland Penny wrote:
On 02/04/13 22:39, Jakub
On Fri, Apr 05, 2013 at 09:16:43AM -0400, Sutton, Harry (GSSE) wrote:
On 04/05/2013 05:22 AM, Jakub Hrozek wrote:
Hi,
are you using pam_krb5 along with SSSD authentication? Is there a reason
not to use pam_sss.so ?
In general I would not recommend configuring the PAM stack yourself
On Fri, Apr 05, 2013 at 10:19:41PM -0700, Chris Gray wrote:
Sorry in advance for the most likely repeated question. After searching for
a week, and still being stuck, it was time to ask the mailing list.
I have a CentOS 6.4 machine that I'm trying to use SSSD/LDAP/KRB5
to authenticate with
On Fri, Apr 05, 2013 at 08:15:14PM +0100, Rowland Penny wrote:
On 05/04/13 19:46, Dmitri Pal wrote:
On 04/05/2013 02:40 PM, Rowland Penny wrote:
On 05/04/13 19:00, Jakub Hrozek wrote:
On Fri, Apr 05, 2013 at 05:36:32PM +0100, Rowland Penny wrote:
On 05/04/13 17:05, Andreas Schneider wrote
On Thu, Apr 11, 2013 at 10:22:30AM -0400, Sutton, Harry (GSSE) wrote:
On 04/11/2013 09:55 AM, Simo Sorce wrote:
Because the PAM stack is completely separate from the NSS stack,
although we suggest people to not do this normally you can use an option
in nsswitch.conf to avoid falling through
On Thu, Apr 11, 2013 at 10:30:26PM -0700, Jason Bishop wrote:
hi errbody, i may have an easy question, but i haven't found anything in
the documentation which describes my use-case exactly. i hope you can help.
my environment is kerberos for authentication and kerberos using
host-keytab for
On Fri, Apr 12, 2013 at 12:26:15PM +, Licause, Al (BCS) wrote:
The following entry into an ldap.conf file on a RHEL V5 system provides for
the ability to limit users
based in their GID values:
nss_base_passwd OU=ldap,DC=mydomain,DC=net?one?|(gidNumber=11001)
(gidNumber=11003)
Only
pam responder segfaults if the client disconnects before the operation
finishes
https://fedorahosted.org/sssd/ticket/1880
Simple access control always denies uppercased users in case insensitive
domain
== Detailed Changelog ==
Jakub Hrozek (16):
* Bump the version to 1.9.5, reset
On Wed, Apr 24, 2013 at 07:06:27AM -0700, Brandon Foster wrote:
sorry for the delay got pulled away for a bit.
I can confirm that I have updated to 6.4 and all of my packages are up to
date.
i'll do the debuginfo shortly
So you're seeing the same problem even with 6.4?
On Sat, Apr 27, 2013 at 05:56:15AM +, Ondrej Valousek wrote:
Yes. Wondering if the AD provider in sssd is multipurpose enough - i.e.
Capable of serving automount, sudo, HBAC... maps too.
Ondrej
No, you'd need to configure sudo_provider=ldap
Feel free to raise a RFE, though.
...@lists.fedorahosted.org] On Behalf Of Dmitri Pal
Sent: Sunday, April 28, 2013 10:17 PM
To: sssd-users@lists.fedorahosted.org
Subject: Re: [SSSD-users] Anyone using sudo with AD?
On 04/28/2013 02:13 PM, Jakub Hrozek wrote:
On Sat, Apr 27, 2013 at 05:56:15AM +, Ondrej Valousek wrote
On Thu, Nov 22, 2012 at 05:47:52PM +0100, Jakub Hrozek wrote:
Hi,
many new features rely on library APIs and features that are only available
in recent versions of SSSD dependencies. As a result, the code often needs
#ifdefs and special branches in order to at least compile or run on RHEL5
On Tue, Apr 30, 2013 at 09:37:54AM +0200, Michael Ströder wrote:
Jakub Hrozek wrote:
On Thu, Nov 22, 2012 at 05:47:52PM +0100, Jakub Hrozek wrote:
many new features rely on library APIs and features that are only available
in recent versions of SSSD dependencies. As a result, the code often
* Confusing error messages for invalid sssd.conf
Jakub Hrozek (38):
* Updating the version for the 1.10 beta1 release
* krb5 child: Use the correct type when processing OTP
* pidfile(): Do not leak fd on error
* Fix potential out-of-bounds write in sss_idmap_sid_to_dom_sid
On Thu, May 09, 2013 at 04:20:43PM +0100, michael gabriel wrote:
Hi there,
We have two different ldap accounts. One is used to get user account
information and the other is used get sudo information.
Is there way to have two ldap_default_bind_dn's and ldap_default_authtok's
for each of
On Thu, May 09, 2013 at 09:39:07AM -0400, will_dar...@navyfederal.org wrote:
If this comes across as HTML sorry.. gotta find a better mail client for
mailing lists... :/
I grabbed these logs right after attempting a su - espadmin, so that
should narrow down whats there. I should
On Thu, May 09, 2013 at 03:06:30PM -0400, will_dar...@navyfederal.org wrote:
sssd-users-boun...@lists.fedorahosted.org wrote on 05/09/2013 02:44:00
PM:
From: Jakub Hrozek jhro...@redhat.com
To: sssd-users@lists.fedorahosted.org,
Date: 05/09/2013 02:44 PM
Subject: Re
On Mon, May 20, 2013 at 09:41:52AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/20/2013 09:08 AM, Jakub Hrozek wrote:
On Fri, May 17, 2013 at 09:09:17PM +, John Bossert wrote:
Am fighting a battle with sssd/ldap and udev (RHEL6/Centos6).
I
On Mon, May 20, 2013 at 09:12:37PM -0700, C. S. wrote:
Hi folks,
We have two auto.master maps: auto_master_a and auto_master_b. The reason
for this is that it allows us to maintain the same paths at different
campuses and redirect them to local filers vs. traversing a WAN link.
In sssd I
On Mon, May 20, 2013 at 08:59:28PM +, John Bossert wrote:
/var/log/messages suggests that udev starts before sssd:
May 17 16:54:07 seadv01-db01 kernel: udev: starting version 147
May 17 16:54:09 seadv01-db01 sssd: Starting up
I haven't found the bug Stephen was referring to (though I
On Wed, May 22, 2013 at 08:26:25PM +, Joshua C. Endries wrote:
Hello,
I'm trying to get sssd going here to hook up with AD/LDAP for user and group
lookup. I have it working, and it works great on RHEL5 (sssd v1.5.1). Running
'id' on myself takes 3s when in foreground mode, and 0.014s
On Thu, May 23, 2013 at 10:36:21AM +0200, Jakub Hrozek wrote:
On Wed, May 22, 2013 at 08:26:25PM +, Joshua C. Endries wrote:
Hello,
I'm trying to get sssd going here to hook up with AD/LDAP for user and
group lookup. I have it working, and it works great on RHEL5 (sssd v1.5.1
On Thu, May 23, 2013 at 10:32:21AM -0400, will_dar...@navyfederal.org wrote:
Does anyone have any experience with using IBM IHS Apache and sssd
together?
I've got some RHEL6.4 servers that need to use IBM IHS for apache.
The 'User user' in the httpd.conf file is set to a userid
On Tue, Jun 04, 2013 at 11:12:54AM -0400, Dmitri Pal wrote:
On 06/04/2013 10:13 AM, Bryan Harris wrote:
Hi all,
I have the following lines in my file /etc/security/access.conf for
the purpose of my testing.
- : bryan.harris.adm : ALL
- : ALL : ALL
When I place the following into
.
Alexander Bokovoy (3):
* build: fix dependencies for pysss module
* pysss: add pysss.getgrouplist(username)
* pysss: prevent crashing when group is unresolvable
Jakub Hrozek (13):
* Bumping the version for the 1.11 beta2 release
* LDAP: When resolving a SID, search
On Wed, Jul 24, 2013 at 07:11:28PM -0400, Dmitri Pal wrote:
On 07/24/2013 03:41 PM, Licause, Al (CSC AMS BCS - UNIX/Linux Network
Support) wrote:
Thanks Jakob,
I suspect I'll have at least one unhappy customer if they can't upgrade.
Should we not be able to use sudo with sssd, is it
On Thu, Jul 25, 2013 at 06:01:09PM +, Licause, Al (CSC AMS BCS - UNIX/Linux
Network Support) wrote:
Is that to say that when using this under RHEL v6.3 in which we use sssd to
authenticate the user
and then /etc/sudo-ldap.conf to affect the sudo commands, there is no caching
?
There is
On Tue, Jul 30, 2013 at 11:41:41AM +, Bryan Harris wrote:
Hi all,
I've followed the sssd page for connecting RHEL 6 to a Windows 2008 for
authentication. It works on all our servers except one, and I'm getting
confused. I've even gone as far as to clone a working VM and rename, give
On Thu, Aug 01, 2013 at 08:04:46PM +, Licause, Al (CSC AMS BCS - UNIX/Linux
Network Support) wrote:
Al Licause
HP L2 UNIX Network Services
HP Customer Support Center
Hours 7am-3pm Pacific time USA
Manager: tom.cerni...@hp.com
-Original Message-
From:
On Tue, Jul 30, 2013 at 06:46:22PM -0400, Simo Sorce wrote:
On Tue, 2013-07-30 at 16:42 -0400, Chris Hartman wrote:
On Tue, Jul 30, 2013 at 4:24 PM, Dmitri Pal d...@redhat.com wrote:
MSFT is just paranoid about it.
While you may be right, I think that an ad provider in SSSD
On Mon, Aug 05, 2013 at 12:11:44PM -0400, Chris Hartman wrote:
I've got a fully updated Fedora 19 system up and running. I've got
authentication working identically to the rest of the domain.
[root@sssd ~]# uname -a
Linux sssd.domain.local 3.10.4-300.fc19.x86_64 #1 SMP Tue Jul 30 11:29:05
On Tue, Aug 06, 2013 at 11:28:47AM -0400, Chris Hartman wrote:
On Tue, Aug 6, 2013 at 8:07 AM, Jakub Hrozek jhro...@redhat.com wrote:
Here are the F-19 test packages:
http://koji.fedoraproject.org/koji/taskinfo?taskID=5783694
Success. The 64-bit packages work with my AD installation
On Thu, Aug 08, 2013 at 12:45:31PM +0400, Vladimir Akhmarov wrote:
Hello,
I have a strange problem using new id_provider = ad and ldap_filter =
memberOf=cn=Linux Admins,OU=Common Groups,DC=example,DC=com option. The
problem is that I always can log on to the system no matter the user is
On Thu, Aug 08, 2013 at 08:07:19PM +0400, Vladimir Akhmarov wrote:
Hi, Will
I have already double checked and yes you are right. My mistake, not
ldap_filter just ldap_access_filter was right. I have checked my first
config with id_provider = ad with no luck. So GSSAPI + access_provider =
On Wed, Aug 21, 2013 at 02:25:20PM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/21/2013 02:25 PM, John Uhlig wrote:
thanks for your prompt reply. I have attached the sssd-default
logfile.
The cacert dir has been rehashed using cacertdir_rehash
On Thu, Aug 29, 2013 at 06:21:57AM +, Ondrej Valousek wrote:
Hi Jakub,
Does it mean that AD POSIX attributes are finally supported with IPAAD trust?
Thanks,
Ondrej
Yes, with IPA 3.3 on the server side. We actually had a Fedora Test Day
a while ago where the feature was tested (and bugs
On Thu, Aug 29, 2013 at 10:13:20AM +, Ondrej Valousek wrote:
Perfect,
And where we can find a mature IPA 3.3 implementation? Fedora 19 or RHEL-7?
Thanks,
Ondrej
Both, actually.
___
sssd-users mailing list
sssd-users@lists.fedorahosted.org
On Sun, Sep 01, 2013 at 09:20:30PM +0300, Timo Aaltonen wrote:
3) Someone needs to own packages in Debian and maintain them, someone
with good knowledge of the distro and time to take ownership of about 50
packages.
I'm doing this on my spare time, which has meant obvious delays in
On Fri, Sep 06, 2013 at 02:55:48PM +0200, Bolesław Tokarski wrote:
Hello,
Can somebody confirm me the behaviour of SSSD (we're currently on
version 1.8.6, but will migrate to whatever comes in Ubuntu 14.04) with
regards to Kerberos DNS records?
I mean, sssd series 1.8 did not have any
On Fri, Sep 06, 2013 at 01:40:50PM -0600, Erinn Looney-Triggs wrote:
On 09/06/2013 07:10 AM, Jakub Hrozek wrote:
On Fri, Sep 06, 2013 at 02:55:48PM +0200, Bolesław Tokarski wrote:
Hello,
Can somebody confirm me the behaviour of SSSD (we're currently on
version 1.8.6, but will migrate
On Sat, Sep 07, 2013 at 07:16:09PM -0400, Dmitri Pal wrote:
On 09/07/2013 02:23 PM, Doug Clow wrote:
Hello,
I recently switched my sssd to 1.9 so I can try the native Active
Directory support. Previously I was using:
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
On Tue, Sep 10, 2013 at 01:29:54PM +, Longina Przybyszewska wrote:
Hi,
I would test the new features (autofs !!!) in sssd-1.11.0 version in Ubuntu
Saucy, and I am using native sssd package.
I use working config file from sssd-1.9.4
Daemon doesn't start:
root@saucy:/var/lib/sss# sssd
On Wed, Sep 11, 2013 at 10:47:35AM +0200, Ondrej Kos wrote:
On 09/11/2013 07:04 AM, Dale Harris wrote:
Hi folks,
Trying to set up autofs in sssd. It doesn't appear that sssd likes my
basedn, one that I use on Solaris just fine. In my sssd_default.log I
see:
sssd_default.log:(Tue Sep 10
On Wed, Sep 11, 2013 at 09:24:08AM -0400, Dale Harris wrote:
On Wed, Sep 11, 2013 at 4:47 AM, Ondrej Kos o...@redhat.com wrote:
Hi Dale,
BaseDN shouldn't contain a dot character, could you please post your
sssd.conf file? Sanitized, if needed.
Also, is the version of SSSD you run same
On Wed, Sep 11, 2013 at 03:37:50PM +0200, Jakub Hrozek wrote:
ldap_default_authtok_type = obfuscated_passwordldap_default_authtok = XX
Also not sure if this is just a copypaste error, but these two
parameters need to be on separate lines.
___
sssd
On Wed, Sep 11, 2013 at 09:47:19AM -0400, Dale Harris wrote:
On Wed, Sep 11, 2013 at 9:37 AM, Jakub Hrozek jhro...@redhat.com wrote:
I think you just need to drop the quotes. Instead of:
ldap_autofs_search_base=o=nycornell.org
use:
ldap_autofs_search_base=o=nycornell.org
I just tired
On Wed, Sep 11, 2013 at 06:25:25PM +, Bright, Daniel wrote:
I was told by the good folks at the 389-users mailing list to instead
redirect my question to the sssd-users list so here goes, thanks in advance!
All,
I am in the process of moving away from pam_ldap and on to pam_sss. The
On Mon, Sep 09, 2013 at 09:57:35AM -0700, Doug Clow wrote:
Thank you Jakub,
Those settings you gave me to minimally add back the ldap access_provider
worked perfectly. All is working well again!
Best,
Doug
Hi Doug,
I'm glad the access control is working for you now. We were
On Fri, Sep 13, 2013 at 02:03:07PM +, Bright, Daniel wrote:
I did not see any extended error messages in the debug logs, actually I
am using Oracle Enterprise Linux 6 (OEL6) so the version of sssd I am on
is 1.9.2-82.7, it looks like the fix that you spoke about earlier is in
1.10.1x and
On Mon, Sep 16, 2013 at 07:31:13PM +0200, Alfredo Colangelo wrote:
Hello List,
I've built sssd-1.11.90 from git source for a CentOS 6.4 server. I want to
set up a connection with SSSD to 2 Active Directory domains (both Windows
2003 functional level), parent and child, so they have a
On Tue, Sep 17, 2013 at 01:50:15PM +, a t wrote:
Date: Mon, 16 Sep 2013 15:59:09 +0200
From: jhro...@redhat.com
To: sssd-users@lists.fedorahosted.org
Subject: Re: [SSSD-users] authenticating against all sub-domains in AD
forest
On Mon, Sep 16, 2013 at 01:45:17PM +, a t
On Wed, Sep 18, 2013 at 10:02:46AM +0100, Rowland Penny wrote:
The only change I made was in /etc/default/autofs, I changed:
MASTER_MAP_NAME=OU=auto.master,OU=automount,DC=home,DC=lan
To:
Ah, I know what's going on, sorry for the confusion.
tl;dr - your config is correct.
On Wed, Sep 18, 2013 at 11:55:52AM +, a t wrote:
Date: Wed, 18 Sep 2013 10:34:03 +0200
From: jhro...@redhat.com
To: sssd-users@lists.fedorahosted.org
Subject: Re: [SSSD-users] authenticating against all sub-domains in AD
forest
On Tue, Sep 17, 2013 at 01:50:15PM
On Thu, Sep 19, 2013 at 10:42:12AM +0200, Jakub Hrozek wrote:
On Wed, Sep 18, 2013 at 10:00:15AM +, Longina Przybyszewska wrote:
Hi,
I have a fresh install of Saucy (VM in Virtualbox), sssd is installed as
binary package available in distribution.
To be sure, I uninstalled sssd
On Mon, Sep 23, 2013 at 03:10:45PM +, a t wrote:
Date: Fri, 20 Sep 2013 14:44:49 +0200
From: jhro...@redhat.com
To: sssd-users@lists.fedorahosted.org
Subject: Re: [SSSD-users] authenticating against all sub-domains in AD
forest
On Wed, Sep 18, 2013 at 11:55:52AM +, a t
On Tue, Sep 24, 2013 at 11:02:48AM +, a t wrote:
Hi,
please see logs attached. (couldn't upload logs as they were too large so i
hope a tar.gz gets through). I stopped sssd, deleted logs and started sssd.
Then ran the commands below;
ssh B\\test.user@localhost - run at (Tue Sep 24
On Wed, Oct 09, 2013 at 09:08:05AM +0200, Sumit Bose wrote:
On Tue, Oct 08, 2013 at 11:33:45PM +, Ondrej Valousek wrote:
Looks like this only happens if I specify the ad_server manually. If I let
sssd do the DNS SRV discovery, it works OK.
I still think it should work OK if I specify
On Wed, Oct 09, 2013 at 11:25:51AM -0400, Chris Hartman wrote:
I'm having a problem getting pam_mkhomedir.so to make a user's home
directory when it's specified using an LDAP attribute. The backend
directory server is AD on Server 2008. The client is Ubuntu 12.04, sssd
version 1.11.1.
On Wed, Oct 09, 2013 at 02:03:00PM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/09/2013 01:22 PM, Dmitri Pal wrote:
On 10/09/2013 01:05 PM, Ondrej Valousek wrote:
Hi List,
I have noticed that since F19 I can not use lines beginning with
On Thu, Oct 10, 2013 at 10:54:59AM +0200, Jakub Hrozek wrote:
On Wed, Oct 09, 2013 at 02:03:00PM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/09/2013 01:22 PM, Dmitri Pal wrote:
On 10/09/2013 01:05 PM, Ondrej Valousek wrote:
Hi List,
I
On Thu, Oct 10, 2013 at 01:48:24PM -0400, Simo Sorce wrote:
On Thu, 2013-10-10 at 11:22 +0200, Jakub Hrozek wrote:
On Thu, Oct 10, 2013 at 10:54:59AM +0200, Jakub Hrozek wrote:
On Wed, Oct 09, 2013 at 02:03:00PM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash
On Thu, Oct 17, 2013 at 05:03:32PM +0200, Lukas Slebodnik wrote:
On (17/10/13 16:21), Olivier wrote:
Hello,
FYI : https://bugzilla.redhat.com/show_bug.cgi?id=1020366
Best
It isn't a bug, but it was very confusing for a lot of users.
Therefore libsss_sudo.so was moved back into the
On Wed, Oct 23, 2013 at 11:15:13AM +0200, Melvin Williams wrote:
unix:path=/var/lib/sss/pipes/private/sbus-dp_DOMAIN.6506,guid=d80dc5947470b79adedf926e52678695
(Wed Oct 23 10:19:33 2013) [sssd[be[DOMAIN]]] [sbus_add_watch] (0x2000):
0x1216e50/0x1201dd0 (15), R/- (enabled)
(Wed Oct 23 10:19:33
On Thu, Oct 24, 2013 at 09:59:50AM +0100, Roberts Klotiņš wrote:
Hello,
After 2 days of reading on Samba4 SSSD and AD login I am running into
problems. I have set up
- AD server with Samba 4.2 (CentOS 6.3) - domain PEOPLE.LOCAL
- Fedora 19 machine
- Windows XP machine joined the domain
On Thu, Oct 24, 2013 at 02:01:11PM +0100, Roberts Klotiņš wrote:
Hi Thanks a lot for looking into this.
As you suspected - there is something that enterprise simple login added
into the config file file:
[sssd]
services = nss, pam
config_file_version = 2
domains = PEOPLE
[nss]
On Fri, Oct 25, 2013 at 02:25:04AM +0100, Roberts Klotiņš wrote:
Hi again, still trying to understand how to make the setup to work.
As the very last thing I thought to check into /etc/sysconfig/authconfig.
What I found was that usekerberos and useldap were set to no. Maybe they
(or at least
On Fri, Oct 25, 2013 at 09:58:48AM +0200, Jakub Hrozek wrote:
On Fri, Oct 25, 2013 at 02:25:04AM +0100, Roberts Klotiņš wrote:
Hi again, still trying to understand how to make the setup to work.
As the very last thing I thought to check into /etc/sysconfig/authconfig.
What I found
On Fri, Oct 25, 2013 at 03:10:34PM +0100, Michael Gliwinski wrote:
Hi all,
Hi Michael, sorry for the late reply, most of the team was busy
prepairing the 1.11.2 release.
I was just looking at various access control methods and reading through
On Wed, Oct 30, 2013 at 12:18:44PM +0200, Sami K wrote:
Hello,
We have been lately having big problems with sssd caching. On our ssh
servers, (each with ~100-200 users) login may take several minutes as the
sssd_be -process uses 100% cpu time and sssd_be -process may be in this
state for
1 - 100 of 987 matches
Mail list logo