On Tue, Jun 27, 2017 at 11:12:52AM -0700, kedar sirshikar wrote:
> Hi Team,
> I have integrated 'sssd' with ldap server.
> I am using 'getent passwd' command to see all users from local and ldap.
> I am able to see all users from local. For LDAP, I am only seeing users
> which are not
On Tue, Jun 27, 2017 at 01:35:18PM -0400, Abhijit Tikekar wrote:
>
> >
> > Hi,
> >
> > We are running into some SSSD authentication issues and would really
> > appreciate any advice. Here’s some background:
> >
> > Until now, all CentOS machines which use SSSD were joined to the same
> >
On Tue, Apr 25, 2017 at 12:37:50PM -, k...@unwire.dk wrote:
> Hi.
>
> I have the following scenario :
>
> -'example.com' domain running on premises
> -'aws.example.com' domain running on 'Amazon Microsoft AD' in VPC with VPN
> connection to on premises.
> - One-way trust created from
On Wed, Apr 26, 2017 at 07:55:38AM -, k...@unwire.dk wrote:
> Hi Jakub.
>
> Thank you for quick response.
> I still believe i´m in same forest(correct me if i´m wrong), but using a
> trust. Is trusts not supported at all in SSSD?
Trusted domains in a single forest are. If the domains are
On Wed, Apr 26, 2017 at 09:42:17PM +, Galen Johnson wrote:
> I was going to point you to the troubleshooting doc at
> fedorahosted.org/sssd/wiki/Troubleshooting but since that site points you to
> pagure.io and the links on pagure.io point you back there, I'm not sure where
> to look for
On Mon, Apr 24, 2017 at 06:45:20PM -, maar...@datastorm.nl wrote:
> Hello,
>
> I am desperately looking for a working sssd.conf file for LDAP AD interaction.
> Is the working sssd.conf from Daniel Hermans somewhere to be found?
It looks like he just added:
ldap_user_primary_group =
On Mon, Apr 24, 2017 at 07:18:17PM +, Galen Johnson wrote:
> Hey,
>
>
> I have a question about email logins and case sensitivity. If you configure
> sssd to allow logins by email, can you set it up to be case insensitive yet
> still require normal account logins to be case sensitive? We
> On 28 Jul 2017, at 12:39, Lukas Slebodnik wrote:
>
> On (27/07/17 15:30), Tom Peterson wrote:
>> Hi All,
>>
>> First off thank you for all the hard work put into SSSD! It's been a great
>> piece of software to work with and seems like it has a configuration
>> setting
On Wed, Aug 02, 2017 at 11:07:08AM -0400, Louis Garcia wrote:
> On Wed, Aug 2, 2017 at 8:54 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
>
> > On Wed, Aug 02, 2017 at 02:43:35PM +0200, Jakub Hrozek wrote:
> > > On Wed, Aug 02, 2017 at 09:46:43AM +0200, Lukas Slebodnik
On Wed, Aug 02, 2017 at 09:46:43AM +0200, Lukas Slebodnik wrote:
> On (02/08/17 09:43), Jakub Hrozek wrote:
> >On Tue, Aug 01, 2017 at 04:46:32PM -0400, Louis Garcia wrote:
> >> In fedora 26 where should sssd.conf live? /etc/sssd/ or /etc/sssd/conf.d/
> >> ??
> >
On Wed, Aug 02, 2017 at 02:43:35PM +0200, Jakub Hrozek wrote:
> On Wed, Aug 02, 2017 at 09:46:43AM +0200, Lukas Slebodnik wrote:
> > On (02/08/17 09:43), Jakub Hrozek wrote:
> > >On Tue, Aug 01, 2017 at 04:46:32PM -0400, Louis Garcia wrote:
> > >> In fedora 26 whe
lore this next.
> I should be able to find some time this week to generate some pcap files for
> this and I will send you an update once I've got another set of captures!
> Really glad that we can add something that might help!!!
>
> Thanks for taking a look at these!
>
&g
> On 2 Aug 2017, at 20:43, Louis Garcia <louisg...@gmail.com> wrote:
>
> On Wed, Aug 2, 2017 at 11:42 AM, Jakub Hrozek <jhro...@redhat.com
> <mailto:jhro...@redhat.com>> wrote:
> On Wed, Aug 02, 2017 at 11:07:08AM -0400, Louis Garcia wrote:
> > On Wed, Aug
> On 3 Aug 2017, at 10:22, Tristan Bouillon
> wrote:
>
> Thanks for your time guys.
>
> Looking through sssd stuff I almost forgot y main goal was to ssh to a server.
> I did a little test with ssh, server and user in the same domain.
>
> If I do:
> $ ssh
ll try to give a quick look to use only short names in my
> trusted domains. I think I saw something on that, domain resolution
> order, but this is in the next sssd version.
>
> On 7 August 2017 at 17:25, Jakub Hrozek <jhro...@redhat.com> wrote:
>>
>> On 3 Aug 2017, at
On Fri, Aug 18, 2017 at 01:04:37PM -0400, Mark London wrote:
> Hi - The old server is gone, so I can't test it. Yes, the DN contains a
> space and comma for everybody, i.e. last name, first name.
Right, but then it doesn't constitute a pattern of failing users vs.
passing users right?
>
> I
On Thu, Aug 17, 2017 at 03:36:20PM +1000, Lachlan Musicman wrote:
> We use FreeIPA/SSSD to authenticate our RStudio Server, which we control
> via HBAC membership of an AD group.
>
> Our users are having their sessions ended frequently - once a day or more -
> with the logged message
>
> 17 Aug
On Thu, Aug 17, 2017 at 10:04:08PM -0400, Mark London wrote:
> Hi all - Sorry to bother you with this problem that I've been working all
> day to fix.I've been using SSSD on Redhat for many years, using LDAP to
> authenticate a Windows domain. With a new server with Redhat 7, I'm seeing
>
On Fri, Aug 18, 2017 at 08:42:34AM +0200, Lukas Slebodnik wrote:
> On (17/08/17 12:38), Louis Garcia wrote:
> >Sorry to mail you directly but I think the sssd user mailing list is not
> >accepting my emails. I replied twice to this thread yesterday and both
> >bounced.
> >
>
> I have no idea why
Aug 18, 2017, at 4:05 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
> >
> >> On Thu, Aug 17, 2017 at 10:04:08PM -0400, Mark London wrote:
> >> Hi all - Sorry to bother you with this problem that I've been working all
> >> day to fix.I've been using SSSD
On Mon, May 15, 2017 at 01:15:33PM +0200, Sébastien QUESSON wrote:
> Hi, on sssd 1.13.4-1ubuntu1.5:
> looking at sssd_domain.tls.log with debug level 9, I can see many wrong group
> requests.
>
> After flushing ssd cache and restarting:
> [sdap_get_generic_ext_step] (0x0400): calling
On Mon, Jun 12, 2017 at 01:53:27PM +, Joakim Tjernlund wrote:
> On Sun, 2017-06-11 at 20:55 +0200, Jakub Hrozek wrote:
> > On Sat, Jun 10, 2017 at 07:56:47AM +, Joakim Tjernlund wrote:
> > > On Sat, 2017-06-10 at 08:24 +0200, Jakub Hrozek wrote:
> > > > On F
On Mon, Jun 12, 2017 at 12:20:24PM +, Ondrej Valousek wrote:
> Hi,
>
> For some users I experience inconsistent group membership, i.e. "getent group
> G" does not list user U as a member, but "id -a U" command shows the group G.
> Is that normal or a known issue?
This can be normal,
On Mon, Jun 12, 2017 at 03:32:22PM +, Joakim Tjernlund wrote:
> On Mon, 2017-06-12 at 16:01 +0200, Jakub Hrozek wrote:
> > On Mon, Jun 12, 2017 at 01:53:27PM +, Joakim Tjernlund wrote:
> > > On Sun, 2017-06-11 at 20:55 +0200, Jakub Hrozek wrote:
> > > > On S
On Mon, Jun 12, 2017 at 03:21:43PM +, Joakim Tjernlund wrote:
> On Mon, 2017-06-12 at 16:01 +0200, Jakub Hrozek wrote:
> > On Mon, Jun 12, 2017 at 01:53:27PM +, Joakim Tjernlund wrote:
> > > On Sun, 2017-06-11 at 20:55 +0200, Jakub Hrozek wrote:
> > > > On S
On Mon, Jun 12, 2017 at 03:38:28PM +, Joakim Tjernlund wrote:
> On Mon, 2017-06-12 at 17:32 +0200, Joakim Tjernlund wrote:
> > On Mon, 2017-06-12 at 16:01 +0200, Jakub Hrozek wrote:
> > > On Mon, Jun 12, 2017 at 01:53:27PM +, Joakim Tjernlund wrote:
> > > &g
On Mon, Jun 19, 2017 at 05:03:24PM +, Thomas Beaudry wrote:
> Hi Folks.
>
> I have sssd managing autofs to mount some nfs share with v 4.1. Up until
> recently it has worked flawlessly, but now it isn't working on one of my
> machines. The username and group, is being being shown as:
On Mon, Jun 19, 2017 at 06:10:39PM +, Thomas Beaudry wrote:
> Hi,
>
> Well now it is working all of a sudden, and it was only that 1 machine. Very
> odd. I bumped up the debug level so if it happens again I will have
> something to look at then.
>
> I do see this message:
>
> > (Mon
On Tue, May 23, 2017 at 01:03:49PM +, Joakim Tjernlund wrote:
> On Tue, 2017-05-23 at 11:40 +0200, Lukas Slebodnik wrote:
> > On (23/05/17 09:19), Joakim Tjernlund wrote:
> > > On Tue, 2017-05-23 at 11:07 +0200, Lukas Slebodnik wrote:
> > > > On (23/05/17 08:39), Joakim Tjernlund wrote:
> > >
On Thu, May 18, 2017 at 11:40:18AM -0400, Striker Leggette wrote:
> I can understand the first unlock from waking up from sleep. For the
> second, bump your debug_level in sssd.conf up to 7 and then check to see if
> you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the
>
On Sat, May 27, 2017 at 07:30:29PM +0200, Lukas Slebodnik wrote:
> On (27/05/17 04:29), Ali, Saqib wrote:
> >Hi Lukas,
> >
> >We don't have freeipa. Is it possible to do host based access control using
> >just ldap and sssd?
> >
> HBAC is implemented only with access_provider ipa.
> GPO is
On Wed, May 31, 2017 at 08:19:56AM +1000, Lachlan Musicman wrote:
> Hi all,
>
> I noticed a while ago that 1.15.3 was versioned in the repo but I've not
> seen anything released? I'm mostly looking on the COPR
> (
>
On Wed, May 31, 2017 at 10:09:26AM +0200, Lukas Slebodnik wrote:
> On (31/05/17 08:19), Lachlan Musicman wrote:
> >Hi all,
> >
> >I noticed a while ago that 1.15.3 was versioned in the repo but I've not
> >seen anything released? I'm mostly looking on the COPR
> >(
>
On Thu, Jun 15, 2017 at 08:35:59AM -, Rishat Teregulov wrote:
> All logs too big
> https://contattafiles.s3-us-west-1.amazonaws.com/tnt3511/wqtpj4q4fAwIX3p/sssd.logs
I see:
(Thu Jun 15 08:34:24 2017) [sssd[be[AD.DOMAIN.EXAMPLE]]] [ad_sasl_log]
(0x0040): SASL: GSSAPI Error: Unspecified GSS
On Thu, Jun 15, 2017 at 06:39:30AM -, Rishat Teregulov wrote:
> Is there any way to fully disable dns server lookup
Just set the ad_server option:
ad_server, ad_backup_server (string)
The comma-separated list of hostnames of the AD servers to which
SSSD should connect in
On Thu, Jun 15, 2017 at 08:03:39AM -, Rishat Teregulov wrote:
> Sorry, forgot to mention.
> Already done this.
> Here is my sssd.conf
Did you take a look into the logs to see which servers are being
autodiscovered?
> [sssd]
> domains = AD.DOMAIN.EXAMPLE
> config_file_version = 2
> services =
On Fri, Jun 09, 2017 at 04:28:45PM +, Joakim Tjernlund wrote:
> both 1.15.2 and git master hangs after less than 24 hour on
> a server.
>
> I can see this repeating the domain log:
>
> (Fri Jun 9 18:21:49 2017) [sssd[be[infinera.com]]] [orderly_shutdown]
> (0x0010): SIGTERM: killing
On Sat, Jun 10, 2017 at 07:56:47AM +, Joakim Tjernlund wrote:
> On Sat, 2017-06-10 at 08:24 +0200, Jakub Hrozek wrote:
> > On Fri, Jun 09, 2017 at 04:28:45PM +, Joakim Tjernlund wrote:
> > > both 1.15.2 and git master hangs after less than 24 hour on
> > > a ser
On Mon, Jun 12, 2017 at 08:29:29AM +, Joakim Tjernlund wrote:
> On Mon, 2017-06-12 at 09:19 +0100, John Hodrien wrote:
> > On Sun, 11 Jun 2017, Jakub Hrozek wrote:
> >
> > > Oh, sure. The other alternative might be to mount the cache to tmpfs.
> >
>
On Tue, Jun 13, 2017 at 12:34:41PM +, Joakim Tjernlund wrote:
> > timeout = 30 in domain section SEEMS to help, no problem since yesterday.
> > What did I really do here?
> >
>
> However, now I see that getent group/getent group is incomplete,
> members are missing.
> And it varies between
On Tue, Jun 13, 2017 at 12:12:05PM +, Joakim Tjernlund wrote:
> > It is now :) was in the wrong section before
>
> timeout = 30 in domain section SEEMS to help, no problem since yesterday.
> What did I really do here?
There is a ticket to document this better already but tl;dr there is a
On Tue, Jun 13, 2017 at 06:18:24PM +, Joakim Tjernlund wrote:
> On Tue, 2017-06-13 at 17:59 +0200, Jakub Hrozek wrote:
> > On Tue, Jun 13, 2017 at 12:34:41PM +, Joakim Tjernlund wrote:
> > > > timeout = 30 in domain section SEEMS to help, no problem since
> >
On Tue, Jun 13, 2017 at 06:21:28PM +, Joakim Tjernlund wrote:
> On Tue, 2017-06-13 at 18:01 +0200, Jakub Hrozek wrote:
> > On Tue, Jun 13, 2017 at 12:12:05PM +, Joakim Tjernlund wrote:
> > > > It is now :) was in the wrong section before
> > >
> > &g
On Tue, Jun 13, 2017 at 02:07:02PM +0100, Tony Barganski wrote:
> H Jakub Hrozek
>
> I also have a use case for this. My situation is that we are building out
> Linux Server environments in AWS cloud for SAP clients and want a way to have
> centralised accounts for our engi
On Mon, May 01, 2017 at 03:06:02PM -, s.ques...@alkante.com wrote:
> Hi,
> please I searched in cached page, but I'm unable to access that documentation
> that seems important to me.
> Could you provide me an archive of this page?
>
On Fri, May 05, 2017 at 11:02:44AM +, Ondrej Valousek wrote:
> Hi all,
>
> Simple question:
> In case we not use ldap_id_mapping, does SSSD require posix attrs in GC or
> not?
Not require, but would open a connection to each domain DC instead of
just a single connection to a GC.
I'm sorry I didn't notice this mail in the moderation queue sooner..
On Mon, May 01, 2017 at 05:21:55PM -0500, Clayton Daley wrote:
> Good Morning,
>
> We're doing some tests on Ubuntu 16.04 before upgrading and I'm having an
> issue with sss (ldap) sudoers. On 14.04, everything works:
>
>
First, I’m sorry your mail was stuck in moderation for so long. We receive
large amount of spam lately and legitimate mails sometimes slip..
Second, you need to look into the domain logs and/or the child helpers
(krb5_child, gpo_child) because that’s what emits the error. Please see
> On 29 Aug 2017, at 16:27, Mukund wrote:
>
> Hi
>
> I am trying to configure SSSD in all the datanodes and namenodes on a HDP
> cluster. Following is my config.
>
> The local group id and LDAP group id created by SSSD are conflicting because
> of which certain
On Mon, Sep 11, 2017 at 12:23:26PM +0100, John Beranek wrote:
> On 1 September 2017 at 15:54, Lukas Slebodnik wrote:
> >
> > On (01/09/17 09:33), William Edsall wrote:
> > >Had a few communications with Michal but we're still stuck.
> > >
> > >One issue is that we have dozens
I agree and I was pondering this for a long time but I could never think of a
reasonable way that wouldn’t be too intrusive.
The only way I could think of was to have a structure that would be used as a
parent context of tevent requests inside SSSD and internally track request
nesting.
But
On Tue, Sep 12, 2017 at 06:06:19PM +0100, John Beranek wrote:
> On 12 September 2017 at 18:03, John Beranek wrote:
> > On 12 September 2017 at 17:59, John Beranek wrote:
> >> On 11 September 2017 at 14:28, Jakub Hrozek wrote:
> >>> On Mon, Sep 11, 2017 at 12:23:
> On 22 Sep 2017, at 15:06, Galen Johnson wrote:
>
> Hey,
>
> Pretty sure the answer is no but there are some packages that allow you to
> set up your systems to use a database as the provider for nss and pam
> (libnss_mysql, libpam_mysql)...does sssd support this
On Mon, Oct 02, 2017 at 11:39:05AM -0700, Jeff White wrote:
> LDAP is working fine. I can query no problems with ldapsearch search, sssd
> just won't accept the exact same certificate.
Sorry, I should have read the logs before replying.
Try adding:
ldap_referrals = false
to the domain
On Mon, Oct 02, 2017 at 07:14:53PM +, Jeff White wrote:
> That seems to fix the issue. I'm not sure why, but it does. I guess the
> LDAP server could refer to another server or domain by a name not included
> in the cert? Even with logging turned way up I could not find any entry
> that
On Mon, Aug 21, 2017 at 10:24:50AM +1000, Lachlan Musicman wrote:
> On 18 August 2017 at 17:33, Jakub Hrozek <jhro...@redhat.com> wrote:
>
> > On Thu, Aug 17, 2017 at 03:36:20PM +1000, Lachlan Musicman wrote:
> > > We use FreeIPA/SSSD to authenticate our RStudio Server,
On Mon, Aug 21, 2017 at 02:53:39PM -0400, Louis Garcia wrote:
> On Mon, Aug 21, 2017 at 3:22 AM, Lukas Slebodnik
> wrote:
>
> > On (19/08/17 14:45), Louis Garcia wrote:
> > >On Sat, Aug 19, 2017 at 5:01 AM, Lukas Slebodnik
> > >wrote:
> > >
> > >> On
On Mon, Sep 04, 2017 at 01:06:22PM -0400, Mark London wrote:
> Sumit - Thanks for the info. Some of our users do work directly at the
> workstation, so I'm glad to hear that they would get a fresh Kerberos
> ticket, when they would have to login via the screen saver, on a daily
> basis..
Does access work from any RHEL/CentOS client? (I’m asking because as long as
those are fully patched, all HBAC-related bugs should be fixed there)
There was a bug that we fixed in commit
88f6d8ad4eef4b4fa032fd451ad732cf8201b0bf in the sssd-1-13 branch that should
help.
However, that commit
On Wed, Oct 18, 2017 at 10:00:35AM +0200, Michael Löffler wrote:
> Dear SSSD Users,
>
> I have a question regarding the renewal of Kerberos tickets within a Samba
> AD. All servers and clients are running Ubuntu 16.04. We have a lot of
> Windows clients too; therefore we're using Samba. First of
On Tue, Oct 17, 2017 at 05:15:08PM -0400, Asif Iqbal wrote:
> I setup sssd to login with 2 factor auth and it works fine and then I am
> failing to sudo with ldap even though id_provider is ldap.
>
> Here is log from sssd_LDAP when running sudo -s
>
>http://dpaste.com/36PTMS0.txt
>
> Here
On Thu, Oct 19, 2017 at 11:40:39AM +0200, Michael Löffler wrote:
> Hi,
>
> > Yes, please check man sssd-krb5 and the option that include 'renew' in
> > their name, e.g. "krb5_renewable_lifetime".
> After reading the manpage, I thought that this only affects auths via krb5 -
> however, our
On Thu, Oct 19, 2017 at 08:41:42AM +0200, Hampus Lundqvist wrote:
> Hello
>
> Im searching for a solution to use shortnames for users from both
> FreeIPA(4.5) realm and a from a Trusted AD realm, I'm using Centos6.9
> which has sssd 1.13.
>
> I’m doing it for the centos7’s using domain
On Thu, Oct 19, 2017 at 07:28:53AM +, Hampus Lundqvist wrote:
> Hi.
> Ok, thanks for the answer.
> I just tested installing the sssd-1.15.3-1.1.el6.x86_64 from the repository
> on copr.
> It started and seems to work, until I do a service sssd stop. It hangs and
> will not stop using the
On Wed, Oct 18, 2017 at 03:37:44PM +, Thomas Beaudry wrote:
> Hi,
>
>
> I have repeated issues with users losing their usernames (only being mapped
> to their uid / in the terminal it says "i have no name!@host"). It doesn't
> happen daily, but it is extremely frustrating because they are
On Mon, Oct 23, 2017 at 10:11:50AM +0200, Jeremy Monnet wrote:
> Hi,
>
>
>
> On Sat, Oct 21, 2017 at 8:56 PM, Jakub Hrozek <jhro...@redhat.com> wrote:
>
> > On Fri, Oct 20, 2017 at 04:39:54PM +0200, Jeremy Monnet wrote:
> > > Hi,
> > >
> >
On Mon, Oct 23, 2017 at 08:46:08PM +0200, Michael Ströder wrote:
> HI!
>
> Has anything changed with building the man pages?
>
> I'm asking because I now get formatting markup in the output of man (see
> below).
No, not that I'm aware of. You render the man pages locally, right,
because the
On Mon, Oct 23, 2017 at 09:19:21PM +0200, Michael Ströder wrote:
> Jakub Hrozek wrote:
> > On Mon, Oct 23, 2017 at 08:46:08PM +0200, Michael Ströder wrote:
> >> Has anything changed with building the man pages?
> >>
> >> I'm asking because I now get formatt
On Fri, Nov 24, 2017 at 10:02:15AM +, Conwell, Nik wrote:
> Interesting, thanks. I had tried the simple provider but this didn't
> restrict access.
Did you look into the logs why it didn't? Did you use a group that showed
up in the group list of the "id" command?
> Since the docs noted
On Mon, Nov 20, 2017 at 09:29:06AM -0700, Zane Zakraisek wrote:
> Hi, I'm looking at migrating my Red Hat 7.4 machines off nslcd and onto
> sssd.
>
> I've got a very simple sssd.conf here running SSSD 1.15.2.
>
> [sssd]
> domains = my.domain
> config_file_version = 2
> services = nss, pam
>
>
On Wed, Nov 22, 2017 at 07:56:57PM +, Conwell, Nik wrote:
> Hi all, I'm jumping in to using sssd-ad here at BU. I'm able to domain join
> a CentOS7 and pull our AD entries successfully but am having troubles with
> ad_access_filter to restrict access to a group.
>
> Due to FERPA
On Mon, Dec 18, 2017 at 10:51:55PM +, Jay McCanta wrote:
> We found out it has to do with GPO. With
> ad_gpo_access_control = enforcing
>
> we get failures (system error 4 with no indication in the logs it was GPO in
> any way).
>
> ad_gpo_access_control = permissive
>
> and all is well.
On Mon, Dec 18, 2017 at 11:11:25PM +, Max DiOrio wrote:
> Hey guys? Any thoughts on this? It's impacting our production environment.
>
> Thanks!
I think Pavel's reply must have missed you, I think we still need the
logs he requested:
On Fri, Nov 17, 2017 at 07:43:15PM +, Mark Ignacio wrote:
> Hey folks,
>
> During an internal reliability test, we recently found out that
> /var/lib/sss/pubconf/kdcinfo.${REALM} stays static even when the IP
> cached there is unreachable or down. During the test, kinit failed
> consistently
I'm sorry for the late reply, but we've all been busy finishing work on
a RHEL update.
On Mon, Oct 23, 2017 at 10:29:13AM +0200, Jeremy Monnet wrote:
> Hi,
>
> I am trying to setup an authentication against Active Directory, with
> multiple domains, and I haven't been able to find the
On Tue, Oct 31, 2017 at 10:57:23AM -0600, Jeff Sadowski wrote:
> (Tue Oct 31 10:16:44 2017) [sssd[be[mind.unm.edu]]] [ad_sasl_log]
> (0x0040): SASL: GSSAPI Error: Unspecified GSS failure. Minor code may
> provide more information (Server not found in Kerberos database)
> (Tue Oct 31 10:16:44
On Wed, Oct 25, 2017 at 03:43:14PM +0200, Jeremy Monnet wrote:
> Hi,
>
> On Tue, Oct 24, 2017 at 10:03 PM, Jakub Hrozek <jhro...@redhat.com> wrote:
>
> > >
> > > On these 2 servers, authentication works for testu...@sub1.example.com.
> > I
>
On Thu, Nov 02, 2017 at 07:06:59PM +0100, Stefan Kania wrote:
> Am 02.11.2017 um 17:00 schrieb Mario Rossi:
> > If using own objectclass, I would think you will use custom attributes ?
> >
> > ldap_group_member = *hMemberDN*
> > ldap_user_member_of = *description*
>
> This is what I did now.
No, I’m afraid there will be only a number of patches for bug fixes, no RFEs
and no rebase..
> On 11 Nov 2017, at 20:46, Grigory Trenin wrote:
>
> Hi Jakub,
>
> Is there a chance that SSSD is rebased to 1.15.3 in RHEL6/Centos6?
> Maybe in 6.10?
> I'm also missing this nice
Pavel, does this sound like the bug you were looking at wrt sudo lately?
On Wed, Nov 08, 2017 at 09:46:25PM +, Charles Hedrick wrote:
> Netapp wants the domain field to be blank. That leaves us a problem that’s
> hard to solve.
>
> On Nov 8, 2017, at 4:41 PM, Charles Hedrick
>
On Mon, Dec 11, 2017 at 08:45:25AM -, Иван Мастренко wrote:
> Hello!
> Can i customize format of Info message about password expiration?
>
> Now, I get this message:
>
> login as: myldapuser
> myldapuser@myterminalhost's password:
> Your password will expire in 5 day(s).
> Last login: Mon
skel_dir is only valid for domain types with id_provider=local
For any other provider except local, sssd doesn’t create the homedir, it just
returns the homedir value. So any tuning of the skeldir would have to be done
on the side that creates the home directory (pam_mkhomedir or such..)
> On
On Mon, Oct 23, 2017 at 06:47:53PM +0200, Jeremy Monnet wrote:
> On Mon, Oct 23, 2017 at 4:55 PM, Jeremy Monnet wrote:
>
> >
> >> This sounds wrong:
> >> [sdap_kinit_send] (0x0400): Attempting kinit (default,
> >> host/.., ., 86400)
> >> with AD, you normally want to use
On Mon, Oct 23, 2017 at 09:33:11PM +0200, Michael Ströder wrote:
> Jakub Hrozek wrote:
> > On Mon, Oct 23, 2017 at 09:19:21PM +0200, Michael Ströder wrote:
> >> Jakub Hrozek wrote:
> >>> On Mon, Oct 23, 2017 at 08:46:08PM +0200, Michael Ströder wrote:
> >&g
On Mon, Oct 23, 2017 at 02:20:13PM +, Thomas Beaudry wrote:
> Hi,
>
> The user is: j_huc uid: 891461586
(I'm sorry about the delay)
Yes, that ID appears to have some issues:
(Fri Oct 20 14:04:27 2017) [sssd[be[domain.ca]]] [be_get_account_info]
(0x0200): Got request for
On Fri, Oct 20, 2017 at 04:39:54PM +0200, Jeremy Monnet wrote:
> Hi,
>
> I have that error message that I do not understand, because I have 2 ubuntu
> servers setup the same way (but 1 ubuntu 14.04 and 1 ubuntu 16.04). Ubuntu
> 14 is working fine, I can authenticate and sudo just fine, Ubuntu 16
On Thu, Oct 19, 2017 at 01:01:18PM +0200, Michael Löffler wrote:
> Thanks for your answers!
>
> > > > Yes, please check man sssd-krb5 and the option that include 'renew' in
> > > > their name, e.g. "krb5_renewable_lifetime".
> > > After reading the manpage, I thought that this only affects auths
On Fri, Oct 20, 2017 at 07:35:02PM +, Thomas Beaudry wrote:
> Hi,
>
> Here is the sssd domain log:
> https://drive.google.com/open?id=0B5ihYtqDQffzaUpERnkyNHlZamM
>
> The crash occured between today (Friday Oct 20 2;14-2:17pm)
I'm sorry, but I don't see anything outright wrong. There are
On Tue, Dec 19, 2017 at 05:27:02PM -0500, Max DiOrio wrote:
> Hey Jakub,
>
> I sent a response almost immediately - which is why I followed up when I
> hadn't heard back. You guys normally respond quickly.
Ahh, sorry about that, it's my fault. The mail got stuck in the
moderation queue and I
> On 13 May 2018, at 22:44, Spike White wrote:
>
>
>
>
> Sssd aficionados,
>
> It is with great interest that I read the announcement of SSSD version 1.15.3.
>
>
> On 9 May 2018, at 11:30, JOHE (John Hearns) wrote:
>
> I know I could look this one up in the docs somewhere...
> If I have a Linux workstation which is using AD for the authentication
> provider.
> If I change my password using a Windows machine, what then happens when
> On 9 May 2018, at 11:27, JOHE (John Hearns) wrote:
>
> I have set up sssd authentication on a Ubuntu Xenial workstation, with the
> Lightdm windowing manager.
>
> When the sssd service starts the sssd_be process is taking 100% CPU. I am not
> that concerned with this.
>
On Fri, May 11, 2018 at 06:32:46PM +1000, Lachlan Musicman wrote:
> I'll wait :) I've only deployed to dev servers, so being broken is not a
> problem/urgent rush.
Can you file a bug upstream so that we remember to rebuild the repo?
___
sssd-users
Mon May 14 11:38:01:294090 2018) [sssd] [confdb_get_domains] (0x0010): Error
> (2 [No such file or directory]) retrieving domain [apac.company.com],
> skipping!
>
> But if I use:
>
> [domain/amer.company.com]
> ...
>
> [domain/apac.company.com]
> ...
>
> All works
> On 18 May 2018, at 18:46, James Ralston wrote:
>
> We have a small development Active Directory domain where we have
> several RHEL7 hosts.
>
> We never extended our AD schema with the RFC2307 attributes
> (uidNumber, gidNumber, et. al.). Instead, we just configured sssd
Yes, just please make sure they don’t contain some confidential data (host
names etc..)
> On 12 Jun 2018, at 10:09, JOHE (John Hearns) wrote:
>
> Hi Jakub. I have the logs available. What is the best way to upload?
> I guess just attach them here as a reply!
> From: Jakub Hro
On Wed, Jun 06, 2018 at 03:43:18PM -0400, Asif Iqbal wrote:
> I can `*id axisys*` and it *works* fine with ubuntu xenial running *sssd
> version 1.13.4* but *failing* on ubuntu trusty running *sssd version 1.11.8*
>
> I have the same *sssd.conf* and *nsswitch.conf* on both servers and I also
>
On Fri, Jun 08, 2018 at 12:33:05PM +, JOHE (John Hearns) wrote:
> sssd version 1.15.0 running on Ubuntu Xenial.
> In my setup sssd is not automatically refreshing computer account tickets
> after 30 days, for some reason.
Does the machine that is not refreshing the tickets have adcli
old object instead of merging it
* tlog: only log in tcurl_write_data when SSS_KCM_LOG_PRIVATE_DATA is set
to YES
On Fri, Jun 08, 2018 at 01:10:36PM -0400, Asif Iqbal wrote:
> On Fri, Jun 8, 2018 at 9:25 AM, Jakub Hrozek wrote:
>
> > On Wed, Jun 06, 2018 at 03:43:18PM -0400, Asif Iqbal wrote:
> > > I can `*id axisys*` and it *works* fine with ubuntu xenial running *sssd
> > >
701 - 800 of 987 matches
Mail list logo