On Fri, Sep 06, 2013 at 01:40:50PM -0600, Erinn Looney-Triggs wrote:
> On 09/06/2013 07:10 AM, Jakub Hrozek wrote:
> > On Fri, Sep 06, 2013 at 02:55:48PM +0200, Bolesław Tokarski wrote:
> >> Hello,
> >>
> >> Can somebody confirm me the behaviour of SSSD (we
On Sat, Sep 07, 2013 at 07:16:09PM -0400, Dmitri Pal wrote:
> On 09/07/2013 02:23 PM, Doug Clow wrote:
> > Hello,
> >
> > I recently switched my sssd to 1.9 so I can try the native Active
> > Directory support. Previously I was using:
> >
> > id_provider = ldap
> > auth_provider = krb5
> > chpass_
On Tue, Sep 10, 2013 at 01:29:54PM +, Longina Przybyszewska wrote:
> Hi,
> I would test the new features (autofs !!!) in sssd-1.11.0 version in Ubuntu
> Saucy, and I am using native sssd package.
> I use working config file from sssd-1.9.4
> Daemon doesn't start:
>
> root@saucy:/var/lib/sss#
On Tue, Sep 10, 2013 at 02:16:30PM +, Longina Przybyszewska wrote:
> This is VM machine and does not have DNS entry.
> Could it be the reason?
>
> Longina
No, most probably this is an issue with how we load the configuration..
___
sssd-users mailin
On Tue, Sep 10, 2013 at 02:04:02PM +, Longina Przybyszewska wrote:
> It should be ok:
> [sssd]
> config_file_version = 2
> debug_level = 9
> reconnection_retries = 3
> sbus_timeout = 30
> services = nss, pam
> domains = xxx.sdu.dk, zzz.sdu.dk
> ...
>
> Longina
I see..can you check what
On Wed, Sep 11, 2013 at 10:47:35AM +0200, Ondrej Kos wrote:
> On 09/11/2013 07:04 AM, Dale Harris wrote:
> >Hi folks,
> >
> >Trying to set up autofs in sssd. It doesn't appear that sssd likes my
> >basedn, one that I use on Solaris just fine. In my sssd_default.log I
> >see:
> >
> >sssd_default.l
On Wed, Sep 11, 2013 at 09:24:08AM -0400, Dale Harris wrote:
> On Wed, Sep 11, 2013 at 4:47 AM, Ondrej Kos wrote:
> >
> > Hi Dale,
> >
> > BaseDN shouldn't contain a dot character, could you please post your
> > sssd.conf file? Sanitized, if needed.
> > Also, is the version of SSSD you run same on
On Wed, Sep 11, 2013 at 03:37:50PM +0200, Jakub Hrozek wrote:
> > ldap_default_authtok_type = obfuscated_passwordldap_default_authtok = XX
Also not sure if this is just a copy&paste error, but these two
parameters need to be on sepa
On Wed, Sep 11, 2013 at 09:47:19AM -0400, Dale Harris wrote:
> On Wed, Sep 11, 2013 at 9:37 AM, Jakub Hrozek wrote:
> >
> > I think you just need to drop the quotes. Instead of:
> > ldap_autofs_search_base="o=nycornell.org"
> > use:
> > ldap_autofs_se
On Wed, Sep 11, 2013 at 09:59:14AM -0400, Dale Harris wrote:
> On Wed, Sep 11, 2013 at 9:53 AM, Jakub Hrozek wrote:
> >
> > Can you link the docs? We need to fix them.
>
> Here it is:
>
> https://access.redhat.com/site/documentation//en-US/Red_Hat_Enterprise_Linux/6
On Wed, Sep 11, 2013 at 06:25:25PM +, Bright, Daniel wrote:
> I was told by the good folks at the 389-users mailing list to instead
> redirect my question to the sssd-users list so here goes, thanks in advance!
>
> All,
>
> I am in the process of moving away from pam_ldap and on to pam_sss.
On Wed, Sep 11, 2013 at 05:02:41PM -0400, Dmitri Pal wrote:
> On 09/11/2013 04:06 PM, Bright, Daniel wrote:
> >
> > Jakub,
> >
> >
> >
> > Thanks for the quick response, to answer your question I am using the
> > built-in password policy features of 389-ds that allows us to use
> > these features
> root@saucy:/var/lib/sss# aptitude show libini-config2
> E: Unable to locate package libini-config2
>
> Longina
>
> -Original Message-
> From: sssd-users-boun...@lists.fedorahosted.org
> [mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Jakub Hrozek
On Thu, Sep 12, 2013 at 01:11:26PM +0200, Jakub Hrozek wrote:
> On Tue, Sep 10, 2013 at 02:28:36PM +, Longina Przybyszewska wrote:
> > root@saucy:/var/lib/sss# aptitude show libini-config3
> > Package: libini-config3
> > State: installed
> > A
On Thu, Sep 12, 2013 at 02:02:12PM +, Bright, Daniel wrote:
> Jakub, I took your advice and turned debugging to level 9, this is what I am
> seeing in the logs:
>
> ===
> [r...@some.server.com
On Thu, Sep 12, 2013 at 03:21:51PM -0400, Dmitri Pal wrote:
> On 09/12/2013 03:14 PM, Bright, Daniel wrote:
> >
> > Jakub,
> >
> >
> >
> > Thanks for the response, I figured out why I was getting the
> > constraint violation, in my case it was because I have the
> > “passwordminage” set for my po
On Mon, Sep 09, 2013 at 09:57:35AM -0700, Doug Clow wrote:
> Thank you Jakub,
>
> Those settings you gave me to minimally add back the ldap access_provider
> worked perfectly. All is working well again!
>
> Best,
> Doug
>
>
Hi Doug,
I'm glad the access control is working for you now. We wer
On Fri, Sep 13, 2013 at 03:04:42PM +0200, Jakub Hrozek wrote:
> On Mon, Sep 09, 2013 at 09:57:35AM -0700, Doug Clow wrote:
> > Thank you Jakub,
> >
> > Those settings you gave me to minimally add back the ldap access_provider
> > worked perfectly. All is workin
On Fri, Sep 13, 2013 at 02:03:07PM +, Bright, Daniel wrote:
> I did not see any extended error messages in the debug logs, actually I
> am using Oracle Enterprise Linux 6 (OEL6) so the version of sssd I am on
> is 1.9.2-82.7, it looks like the fix that you spoke about earlier is in
> 1.10.1x an
On Mon, Sep 16, 2013 at 01:17:22PM +, a t wrote:
> Hi,
>
> I am testing find a standard config for Linux authentication against Active
> Directory and I am testing with Centos 6. I have decided on a
> SSSD/Kerberos/LDAP configuration as described in RedHats "Integrating Red Hat
> Enterprise
On Mon, Sep 16, 2013 at 01:45:17PM +, a t wrote:
>
>
> > Date: Mon, 16 Sep 2013 15:22:47 +0200
> > From: jhro...@redhat.com
> > To: sssd-users@lists.fedorahosted.org
> > Subject: Re: [SSSD-users] authenticating against all sub-domains in AD
> > forest
> >
> > On Mon, Sep 16, 2013 at 01:17:2
On Mon, Sep 16, 2013 at 07:31:13PM +0200, Alfredo Colangelo wrote:
> Hello List,
>
> I've built sssd-1.11.90 from git source for a CentOS 6.4 server. I want to
> set up a connection with SSSD to 2 Active Directory domains (both Windows
> 2003 functional level), parent and child, so they have a par
On Mon, Sep 16, 2013 at 10:34:58AM -0700, Doug Clow wrote:
> Hi Jakub,
>
> I would definitely use that ad_access_filter feature. In fact that is how I
> expected it was going to work and tried it out originally.
Great, thank you! I flagged your e-mail so that I ping you when the new
feature is
On Tue, Sep 17, 2013 at 09:13:23AM +, Longina Przybyszewska wrote:
> Some more debugging output:
>
> root@saucy:/etc/sssd# sssd -i -d 9 -c /etc/sssd/sssd.conf
> (Mon Sep 16 20:21:20:853610 2013) [sssd] [check_file] (0x0400): lstat for
> [/var/run/nscd/socket] failed: [2][No such file or direc
On Tue, Sep 17, 2013 at 01:50:15PM +, a t wrote:
>
>
> > Date: Mon, 16 Sep 2013 15:59:09 +0200
> > From: jhro...@redhat.com
> > To: sssd-users@lists.fedorahosted.org
> > Subject: Re: [SSSD-users] authenticating against all sub-domains in AD
> > forest
> >
> > On Mon, Sep 16, 2013 at 01:45:1
ng attrs:
> >>>[automountMapName]
> >>>(Mon Sep 16 15:10:50 2013) [sssd[be[example.com]]]
> >>>[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 8
> >>>(Mon Sep 16 15
On Wed, Sep 18, 2013 at 10:02:46AM +0100, Rowland Penny wrote:
> The only change I made was in /etc/default/autofs, I changed:
>
> MASTER_MAP_NAME="OU=auto.master,OU=automount,DC=home,DC=lan"
>
> To:
>
Ah, I know what's going on, sorry for the confusion.
tl;dr - your config is correct.
> MAST
On Wed, Sep 18, 2013 at 10:00:15AM +, Longina Przybyszewska wrote:
> Hi,
> I have a fresh install of Saucy (VM in Virtualbox), sssd is installed as
> binary package available in distribution.
>
> To be sure, I uninstalled sssd and installed it again.
>
> To be sure that sssd.conf works, I s
On Wed, Sep 18, 2013 at 04:12:24PM +0200, Olivier wrote:
> Ok : I found where was my mistake :
>
> This is wrong:
> > ldap_user_ssh_public_key = True
>
> This is the right config :
> ldap_user_ssh_public_key = sshPublicKey
>
> Now it works !
>
> Thanks to Mathieu :
> http://blog.mlemoine.name
On Wed, Sep 18, 2013 at 11:55:52AM +, a t wrote:
>
>
>
>
>
> > Date: Wed, 18 Sep 2013 10:34:03 +0200
> > From: jhro...@redhat.com
> > To: sssd-users@lists.fedorahosted.org
> > Subject: Re: [SSSD-users] authenticating against all sub-domains in AD
> > forest
> >
> > On Tue, Sep 17, 2013 a
On Sat, Sep 21, 2013 at 03:38:30PM +0100, Rowland Penny wrote:
> OK, I have now got sssd to cache the sudo rules from AD, I found out
> that you must have 'defaults' in the AD database, I didn't and
> thought you could just use the defaults on the client.
>
> Now, even though sssd has cached the r
On Thu, Sep 19, 2013 at 10:42:12AM +0200, Jakub Hrozek wrote:
> On Wed, Sep 18, 2013 at 10:00:15AM +, Longina Przybyszewska wrote:
> > Hi,
> > I have a fresh install of Saucy (VM in Virtualbox), sssd is installed as
> > binary package available in distribution.
&
On Mon, Sep 23, 2013 at 03:10:45PM +, a t wrote:
>
>
> > Date: Fri, 20 Sep 2013 14:44:49 +0200
> > From: jhro...@redhat.com
> > To: sssd-users@lists.fedorahosted.org
> > Subject: Re: [SSSD-users] authenticating against all sub-domains in AD
> > forest
> >
> > On Wed, Sep 18, 2013 at 11:55:5
On Wed, Sep 25, 2013 at 11:42:15AM +0200, Olivier wrote:
> Hello everyone,
>
> I launch "authconfig" within a script to setup my redhat6 boxes.
>
> I noticed that authconfig does not set up sssd.conf properly :
> https://bugzilla.redhat.com/show_bug.cgi?id=874527
>
> but the bug is declared as "
On Wed, Sep 25, 2013 at 08:22:57PM +0200, Michael Ströder wrote:
> Hmm, I really wonder why SRV RRs are recommended over having a single service
> CNAME RR and maybe several A/ RRs?
In my opinion, the biggest advantages are centrally defined failover
using the "priority field" and the ability
On Wed, Sep 25, 2013 at 09:00:42PM +0200, Michael Ströder wrote:
> Jakub Hrozek wrote:
> > On Wed, Sep 25, 2013 at 08:22:57PM +0200, Michael Ströder wrote:
> >> Hmm, I really wonder why SRV RRs are recommended over having a single
> >> service
> >> C
On Thu, Sep 26, 2013 at 10:23:54AM +0100, Michael Gliwinski wrote:
> On Wednesday 25 Sep 2013 13:59:31 Dmitri Pal wrote:
> > On 09/25/2013 09:41 AM, Stephen Gallagher wrote:
> > > On 09/25/2013 08:40 AM, Michael Gliwinski wrote:
> > > > Hi all,
> > > >
> > > > Currently SSSD (when configured with
On Thu, Sep 26, 2013 at 11:00:00AM +0200, Olivier wrote:
> Hello Jakub and all,
>
> may be the following could help : to be honnest, from an operational point
> of view
> I like the centralisation perspective offered by DNS discovery.
>
> Any comment on these test/audit are welcomed.
>
> for the
On Thu, Sep 26, 2013 at 11:46:04AM -0400, Stephen Gallagher wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 09/26/2013 11:11 AM, Longina Przybyszewska wrote:
> >
> > I am testing sssd-1.11.0 in Ubuntu Saucy - and have problems with
> > ssh and login from GUI-login (lightdm and gd
On Fri, Sep 27, 2013 at 03:02:33PM +, Longina Przybyszewska wrote:
> What debugging level would be reasonable?
> Level 9 gives a huge file of 15mb for single login ;(
>
> Longina
Try 6 or 7 for a start.
___
sssd-users mailing list
sssd-users@lists.f
that server side password policies always takes precedence
https://fedorahosted.org/sssd/ticket/2093
sssd should write capaths for IPA trusted forests' subdomains
== Detailed Changelog ==
Jakub Hrozek (24):
* Updating the version for 1.11.1 release
* PROXY: Handle empty GECOS
On Tue, Sep 24, 2013 at 11:02:48AM +, a t wrote:
>
> Hi,
>
> please see logs attached. (couldn't upload logs as they were too large so i
> hope a tar.gz gets through). I stopped sssd, deleted logs and started sssd.
> Then ran the commands below;
>
> ssh B\\test.user@localhost - run at (Tue
On Sun, Sep 29, 2013 at 02:41:11PM +0100, a t wrote:
> Hi,
>
> That user, test.user, is in the subdomain a.domain.org.
>
> Thr logs mark domain.org as a subdomain of b.domain.org. however, this is not
> correct - domain.org is the root domain of which b.domain.org is a subdomain.
> We do not ha
On Wed, Oct 09, 2013 at 09:08:05AM +0200, Sumit Bose wrote:
> On Tue, Oct 08, 2013 at 11:33:45PM +, Ondrej Valousek wrote:
> > Looks like this only happens if I specify the ad_server manually. If I let
> > sssd do the DNS SRV discovery, it works OK.
> > I still think it should work OK if I spe
On Wed, Oct 09, 2013 at 11:25:51AM -0400, Chris Hartman wrote:
> I'm having a problem getting pam_mkhomedir.so to make a user's home
> directory when it's specified using an LDAP attribute. The backend
> directory server is AD on Server 2008. The client is Ubuntu 12.04, sssd
> version 1.11.1.
>
>
On Wed, Oct 09, 2013 at 02:03:00PM -0400, Stephen Gallagher wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 10/09/2013 01:22 PM, Dmitri Pal wrote:
> > On 10/09/2013 01:05 PM, Ondrej Valousek wrote:
> >> Hi List,
> >>
> >> I have noticed that since F19 I can not use lines beginning
On Thu, Oct 10, 2013 at 10:54:59AM +0200, Jakub Hrozek wrote:
> On Wed, Oct 09, 2013 at 02:03:00PM -0400, Stephen Gallagher wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > On 10/09/2013 01:22 PM, Dmitri Pal wrote:
> > > On 10/09/2013 01:05
On Thu, Oct 10, 2013 at 01:48:24PM -0400, Simo Sorce wrote:
> On Thu, 2013-10-10 at 11:22 +0200, Jakub Hrozek wrote:
> > On Thu, Oct 10, 2013 at 10:54:59AM +0200, Jakub Hrozek wrote:
> > > On Wed, Oct 09, 2013 at 02:03:00PM -0400, Stephen Gallagher wrote:
> > > >
On Thu, Oct 17, 2013 at 05:03:32PM +0200, Lukas Slebodnik wrote:
> On (17/10/13 16:21), Olivier wrote:
> >Hello,
> >
> >FYI : https://bugzilla.redhat.com/show_bug.cgi?id=1020366
> >
> >Best
> >
>
> It isn't a bug, but it was very confusing for a lot of users.
>
> Therefore libsss_sudo.so was move
On Thu, Oct 17, 2013 at 06:10:07PM +0200, Olivier wrote:
> Ok, thanks.
>
> it's not yet in my "official" redhat6 repository then.
>
> (curently : sssd-1.9.2-82.7.el6_4.x86_64)
>
> ---
So yum list libsss_sudo shows nothing? What RHN channels is the system
subscribed to?
On Wed, Oct 23, 2013 at 11:15:13AM +0200, Melvin Williams wrote:
> unix:path=/var/lib/sss/pipes/private/sbus-dp_DOMAIN.6506,guid=d80dc5947470b79adedf926e52678695
> (Wed Oct 23 10:19:33 2013) [sssd[be[DOMAIN]]] [sbus_add_watch] (0x2000):
> 0x1216e50/0x1201dd0 (15), R/- (enabled)
> (Wed Oct 23 10:19:
On Thu, Oct 24, 2013 at 09:59:50AM +0100, Roberts Klotiņš wrote:
> Hello,
>
> After 2 days of reading on Samba4 SSSD and AD login I am running into
> problems. I have set up
> - AD server with Samba 4.2 (CentOS 6.3) - domain PEOPLE.LOCAL
> - Fedora 19 machine
> - Windows XP machine joined the dom
On Thu, Oct 24, 2013 at 02:01:11PM +0100, Roberts Klotiņš wrote:
> Hi Thanks a lot for looking into this.
>
> As you suspected - there is something that enterprise simple login added
> into the config file file:
>
> [sssd]
> services = nss, pam
> config_file_version = 2
> domains = PEOPLE
>
> [n
On Fri, Oct 25, 2013 at 02:25:04AM +0100, Roberts Klotiņš wrote:
> Hi again, still trying to understand how to make the setup to work.
>
> As the very last thing I thought to check into /etc/sysconfig/authconfig.
> What I found was that usekerberos and useldap were set to no. Maybe they
> (or at l
On Fri, Oct 25, 2013 at 09:58:48AM +0200, Jakub Hrozek wrote:
> On Fri, Oct 25, 2013 at 02:25:04AM +0100, Roberts Klotiņš wrote:
> > Hi again, still trying to understand how to make the setup to work.
> >
> > As the very last thing I thought to check into /etc/sysconfig/a
On Fri, Oct 25, 2013 at 03:10:34PM +0100, Michael Gliwinski wrote:
> Hi all,
>
Hi Michael, sorry for the late reply, most of the team was busy
prepairing the 1.11.2 release.
> I was just looking at various access control methods and reading through
> https://fedorahosted.org/sssd/wiki/DesignDoc
On Fri, Oct 25, 2013 at 02:52:24AM +0100, Roberts Klotiņš wrote:
> Hi Many thanks. I attaching the files as otherwise the one that relates to
> the domain is very large. Curiously though the krb5_child.log is empty (0
> bytes) "so it will not be attached".
>
> And I apologize for not paying attent
On Wed, Oct 30, 2013 at 12:18:44PM +0200, Sami K wrote:
> Hello,
>
> We have been lately having big problems with sssd caching. On our ssh
> servers, (each with ~100-200 users) login may take several minutes as the
> sssd_be -process uses 100% cpu time and sssd_be -process may be in this
> state f
in members from different domains
== Detailed Changelog ==
Jakub Hrozek (23):
* Updating the version for the 1.11.2 release
* krb5: Fix unit tests
* INI: Disable line-wrapping functionality
* KRB5: Return PAM_ACCT_EXPIRED when logging in as expired AD user
* PROXY: Fix memory hierarchy w
On Thu, Oct 31, 2013 at 03:04:39PM +0100, Pieter Baele wrote:
> Hello everyone,
>
> I made a configuration where I use Active Directory Kerberos as
> authentication source,
> but OpenDJ LDAP (Forgerock) as id_provider, sudo_provider etc
>
> I configured everything using the excellent tool msk
On Thu, Oct 31, 2013 at 05:50:10PM +, Chris Petty wrote:
>
> I guess i naively thought i needed it, but i removed the pam_krb libs from
> all the system/password auth sections of test machines and things still work
> as normal.
>
> I still get the same errors on the ro-root machine however:
On Fri, Nov 01, 2013 at 09:36:05AM +, Ondrej Valousek wrote:
> Hi List,
>
> Looks like the AD provider in sssd honors sAMAccountname attribute instead of
> the 'uid' (which is more in line with the RFC2307).
> Is this intentional or a bug?
>
> Thanks,
> Ondrej
Intentional, is UID guaranteed
On Fri, Nov 01, 2013 at 11:21:10AM +, Ondrej Valousek wrote:
> In ADUC, if you tick on User "Unix attributes" and populate it, uid is
> automatically set on.
> Not sure if Samba even populates RFC attributes - guess you need to use
> ldap_id_mapping=true w/ Samba.
> Ondrej
But using UNIX att
On Fri, Nov 01, 2013 at 08:03:47PM +0200, Sami K wrote:
> Thank you for all the comments and suggestions,
>
> 2013/10/30 Jakub Hrozek
> >On Wed, Oct 30, 2013 at 12:18:44PM +0200, Sami K wrote:
> >> Any idea when would RHEL6 sssd be rebased?
> > Not in RHEL-6.5 :
https://fedorahosted.org/sssd/ticket/1892
In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name
failed' error when AD user tries to login via ipa client.
https://fedorahosted.org/sssd/ticket/2126
sssd_be segfault when authenticating against active director
On Fri, Dec 06, 2013 at 10:43:58AM +0200, Dan Candea wrote:
> Hello
>
> Could someone point me in the right direction with what is wrong
> here, please? Thank you for any hint.
>
> I want to make ldap authentication without kerberos (
> access_provider = ldap )
> TLS/SSL encryption channel is fin
On Fri, Nov 29, 2013 at 03:17:44PM +0100, Ben Morrice wrote:
> Hello,
>
> I am trying to use sssd in our environment where unfortunately we
> have a broken ldap implementation with no options to fix it.
>
> We have an openldap implementation where our 'uid' field can contain
> many attributes, so
On Fri, Dec 06, 2013 at 11:13:16AM +0200, Dan Candea wrote:
> On 12/06/2013 11:01 AM, Jakub Hrozek wrote:
> >On Fri, Dec 06, 2013 at 10:43:58AM +0200, Dan Candea wrote:
> >>Hello
> >>
> >>Could someone point me in the right direction with what is wrong
>
On Mon, Dec 09, 2013 at 11:54:59AM +0200, Dan Candea wrote:
> On 12/09/2013 11:00 AM, Jakub Hrozek wrote:
> >When performing the LDAP password bind, the user's full DN is used to
> >bind. According to the logs you sent earlier, this would be
> >CN=MyUser,CN=Users,DC=
On Mon, Dec 09, 2013 at 09:47:48PM -0600, Aaron Johnson wrote:
> My sssd.conf is as follows (I have had to improvise as I have not
> found any solid documentation on how to do this using the new AD
> provider...):
Hi Aaron,
I believe your config can be trimmed further. The AD provider already
def
On Tue, Dec 10, 2013 at 06:41:23AM -0600, Aaron Johnson wrote:
> >On Mon, Dec 09, 2013 at 09:47:48PM -0600, Aaron Johnson wrote:
> >>My sssd.conf is as follows (I have had to improvise as I have not
> >>found any solid documentation on how to do this using the new AD
> >>provider...):
> >Hi Aaron,
On Tue, Dec 10, 2013 at 04:57:47PM +0200, Dan Candea wrote:
> On 12/09/2013 07:00 PM, Lukas Slebodnik wrote:
> >I would suggest to configure sssd against AD with relamd.
> >debian >= jessie and ubuntu >= raring contain this package.
> >
> >http://packages.debian.org/jessie/realmd
> >http://packages
On Wed, Dec 11, 2013 at 09:26:23AM +0100, Sumit Bose wrote:
> To avoid setting ldap_sasl_authid/ad_hostname in your case we can cut
> the hostname after 15 characters if we fail to get a TGT with the
> original request. Would you like to open a RFE about it?
btw realmd already cuts the first 15 ch
On Wed, Dec 11, 2013 at 09:50:51AM -0500, Simo Sorce wrote:
> Arbitrary attributes are not synced to the GC tree, so you either need
> to prevent SSSD from reading from the GC or change the AD configuration
> to sync that attribute to the GC.
btw I have a local patch with a new option to disable G
On Wed, Dec 18, 2013 at 09:42:48AM +0100, Sumit Bose wrote:
> On Wed, Dec 18, 2013 at 12:54:37AM +, Bryan Harris wrote:
> > Hello all,
> >
> > I was wondering if someone would be able to help me track down where I went
> > wrong with a 2008 R2 AD > Linux sssd configuration. I am following th
Sender: sssd-users-boun...@lists.fedorahosted.org
On-Behalf-Of: jhro...@redhat.com
Subject: Re: [SSSD-users] kinit: Client not found in Kerberos database
Message-Id: <20131218093528.gc32...@hendrix.redhat.com>
Recipient: cklopotow...@crabel.com
--- Begin Message ---
On Wed, Dec 18, 2013 at 09:42:48
On Wed, Dec 18, 2013 at 04:25:22PM -0500, Jason Voorhees wrote:
> Hi, this is my first post to this group, I hope someone can help me.
>
> I'm interested to map ID mapping and authentication from a LDAP Server
> in a CentOS 6.5 box.
> The LDAP Server (running IBM TDS afaik) is managed by a third p
On Wed, Dec 18, 2013 at 04:49:51PM -0500, Jason Voorhees wrote:
> Hi Jason,
> >
> > I think we need a little more information. Can you post a result of an
> > ldapsearch of a sample user (feel free to rename and obfuscate the
> > entry).
> >
> Thanks, that's a good idea. The contents of an example
On Thu, Dec 19, 2013 at 11:42:54AM -0500, Dmitri Pal wrote:
> I do not think it searches for sudo information. On every login SSSD
> refreshes data about user and groups to be able to serve most recent
> information about a user.
> The volume of the searches is probably related to the resolution of
On Wed, Dec 18, 2013 at 11:11:12PM +, Bryan Harris wrote:
> Hello all,
>
> I wasn't sure who to reply to so here goes. I have tried an alternative
> method of kinit arguments, and received a ticket back this time. I just
> wanted to mention it and show the output, even though it seems now
On Wed, Dec 18, 2013 at 10:38:39PM +, Bryan Harris wrote:
> Hi Jakub,
>
> On Dec 18, 2013, at 03:35 AM, Jakub Hrozek wrote:
>
> On Wed, Dec 18, 2013 at 09:42:48AM +0100, Sumit Bose wrote:
> On Wed, Dec 18, 2013 at 12:54:37AM +, Bryan Harris wrote:
> >Here is
ain-local scope should be filtered out for trusted domains
== Detailed Changelog ==
Aron Parsons (1):
* do not use default_domain_suffix with autofs
Jakub Hrozek (14):
* Updating the version for the 1.11.3 release
* Initialize sid_str to NULL to avoid freeing random data
* LDA
On Thu, Dec 19, 2013 at 06:48:41PM +, Chris Petty wrote:
>
> Here is what was printed to the sssd_nss log at level 5 when i ran a
> sudo command.
>
> Also, the full sssd.conf that i am currently running on this machine.
>
> -chris
>
Seems like there is a lot of requests coming in for group
On Fri, Jan 03, 2014 at 12:07:55AM +, Bryan Harris wrote:
> I enabled logging but no logs were created. So because of that, I ran sssd
> myself with the -i option to see the output. This is the type of stuff I'm
> seeing.
>
> [sssd] [sbus_remove_timeout] (8): 0x2401540
> [sssd] [sbus_disp
On Fri, Jan 10, 2014 at 01:57:07AM -0800, Chris Gray wrote:
> All of my providers are AD; ID, access, auth and chgpass. I use the AD
> provider for all 4 settings in 1.9 as well, seems to work fine.
>
> I have my ldap_id_mapping set to true.
>
> So, neither of those existing issues fit my setup,
On Thu, Jan 16, 2014 at 11:29:53AM +0100, Mitja Mihelič wrote:
> Hi!
>
> We are running a CentOS6 server using SSSD that connects to 389DS
> containing 70k user entries. Both servers are fully updated.
> SSSD and 389DS package versions:
> sssd-1.9.2-129.el6_5.4.x86_64
> 389-ds-base-1.2.11.15-31.el
On Thu, Jan 16, 2014 at 04:16:32PM +0100, Mitja Mihelič wrote:
> >Can it be due to group membership refresh?
> >Do you have a group that all 70K users are in?
> All users except 27 out of 70k are members of the same group. The
> group is defined locally in /etc/group.
> In /etc/nsswitch.conf we hav
On Thu, Jan 23, 2014 at 01:33:12PM +0100, Lukas Slebodnik wrote:
> On (23/01/14 11:20), Longina Przybyszewska wrote:
> >Hi,
> >I run into start up problem after removing directories /var/log/sssd and
> >/var/lib/sss - as I wanted clean startup.
> You should not remove content of direcory /var/li
On Thu, Jan 23, 2014 at 12:53:54PM +, Longina Przybyszewska wrote:
> Thanks,
> It worked with creating directories as Lukas suggested and one more:
>
> mkdir /var/lib/sss/pipes/private
>
> Longina
I'm glad it worked!
btw the reason I suggested to use distro tool was that mkdir would just
cr
On Fri, Jan 24, 2014 at 10:42:34AM +, Longina Przybyszewska wrote:
> I tried sssd in Ubuntu-Saucy ,clean installation, AD provider.
>
> "+" sides:
> -can join AD with 'realm' :
> -auto created krb5.keytab for computer
> -auto created DNS entries for computer
>
> "-" sides:
> -sssd on start
On Mon, Jan 27, 2014 at 10:30:28AM +, Longina Przybyszewska wrote:
> What is the preferable way for joining AD for sssd client machine - 'adcli
> join' or 'realm join' ?
realm join
>
> 'realm discover' says it requires 'adcli' package does it mean that 'realm'
> self uses it?
Yes, adcli
On Fri, Jan 24, 2014 at 11:54:18AM +, Longina Przybyszewska wrote:
> Ups. I just run into another strange problem - can not start sssd with
> working previously sssd.conf.
> This is my laptop - I worked at home yesterday, on my local account and home
> wireless network;
> At work, I turned of
On Tue, Jan 28, 2014 at 11:56:01AM +, Longina Przybyszewska wrote:
> I have figured out that missing homdir is the problem with login
> adu...@domain.com from GUI.
>
>
> Best,
> Longina
Glad it works now. For future reference, you can use parameters like
fallback_homedir or override_homedi
On Tue, Jan 28, 2014 at 02:26:06PM +, Longina Przybyszewska wrote:
> I have both options 'fallback_homedir, override_homedir'- but the options
> don't install missing homedir.
> I have to add 'pam_mkhomedir.so' reference to pam.d/common-session, for get
>
> home directory installed on f
On Tue, Jan 28, 2014 at 11:07:03PM +, Nordgren, Bryce L -FS wrote:
> Well, I guess the title is a little misleading. The ldap connection is
> working like a champ. I configured sssd to bind using my own credentials, and
> that's working. The searches are successful and return the correct resu
On Wed, Jan 29, 2014 at 11:24:09AM +, Longina Przybyszewska wrote:
> I would like get access to nfs- and cifs shares.
> Sssd is configured with ad provider.
> Is it possible to mount cifs share and nfs share on demand with
> sssd and autofs service?
>
> Med venlig hilsen
I think there are s
On Wed, Jan 29, 2014 at 05:28:10PM +, Nordgren, Bryce L -FS wrote:
>
>
> > -Original Message-
> > On Tue, Jan 28, 2014 at 11:07:03PM +, Nordgren, Bryce L -FS wrote:
>
> > I think the most important log would be the one from the back end,
> > generated by including debug_level in
On Wed, Jan 29, 2014 at 11:14:01PM +, Nordgren, Bryce L -FS wrote:
>
> > > > I think the most important log would be the one from the back end,
> > > > generated by including debug_level in the [domain] section.
> > >
> > > Ok. Will try it.
>
> Attached. Log contains sssd restart as well as a
On Wed, Jan 29, 2014 at 11:18:33PM +, Nordgren, Bryce L -FS wrote:
>
> > > > > I think the most important log would be the one from the back end,
> > > > > generated by including debug_level in the [domain] section.
>
> Oh...I noticed that according to the man page, "debug_level" is listed as
On Thu, Jan 30, 2014 at 01:03:35AM -0800, Chris Gray wrote:
> Use msktutil to join the pc to the AD domain, or create the krb5.keytab
> file on your domain controller and move it to the pc running fedora, if you
> do that, be sure to tell selinux to accept the foreign file.
>
> Chris
With recent
401 - 500 of 1346 matches
Mail list logo