IT won't add a
sudo schema.
Appreciate the pointer!
>
>
> On Fri, Oct 13, 2017 at 4:49 PM, Asif Iqbal <vad...@gmail.com> wrote:
>
>>
>>
>> On Fri, Oct 13, 2017 at 5:06 PM, John Beranek <j...@redux.org.uk> wrote:
>>
>>> On 13 October 2017 at
On Mon, Oct 16, 2017 at 5:37 PM, Lukas Slebodnik <lsleb...@redhat.com>
wrote:
> On (16/10/17 15:16), Asif Iqbal wrote:
> >On Mon, Oct 16, 2017 at 1:17 PM, Asif Iqbal <vad...@gmail.com> wrote:
> >
> >>
> >> On Fri, Oct 13, 2017 at 6:26 PM, Daniel Co
On Fri, Oct 13, 2017 at 5:06 PM, John Beranek <j...@redux.org.uk> wrote:
> On 13 October 2017 at 19:28, Asif Iqbal wrote:
> > Hi All
> >
> > I have this in sssd.conf
> >
> > [sudo]
> > debug_level = 0x3ff0
> >
> > [domain/LDAP]
On Mon, Oct 16, 2017 at 1:17 PM, Asif Iqbal <vad...@gmail.com> wrote:
>
> On Fri, Oct 13, 2017 at 6:26 PM, Daniel Corrigan <dancorrig...@gmail.com>
> wrote:
>
>> I'm wondering if you have even extended your LDAP schema for sudo. Sudo
>> rules must follow
ke above?
Essentially all I need is (&(objectClass=mnetperson)(uid=iqbala)) and maybe
I will add more attributes if I want other groups to be able to sudo.
Also, how do I map this to the sudo command that a user can run?
Appreciate the help!
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer:
On Wed, Oct 18, 2017 at 4:10 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
> On Tue, Oct 17, 2017 at 05:15:08PM -0400, Asif Iqbal wrote:
> > I set up sssd to log in with 2 factor auth and it works fine and then I am
> > failing to sudo with ldap even though id_provider is ldap
On Mon, Oct 16, 2017 at 5:37 PM, Lukas Slebodnik <lsleb...@redhat.com>
wrote:
> On (16/10/17 15:16), Asif Iqbal wrote:
> >On Mon, Oct 16, 2017 at 1:17 PM, Asif Iqbal <vad...@gmail.com> wrote:
> >
> >>
> >> On Fri, Oct 13, 2017 at 6:26 PM, Daniel Co
with ldap
as auth provider?
I know both ssh and sudo login works with ldap and krb5, but I need to have
the ssh login with 2FA in my env.
Thanks for your help
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top
On Wed, Oct 18, 2017 at 8:31 AM, Simo Sorce <s...@redhat.com> wrote:
> On Wed, 2017-10-18 at 05:26 -0400, Asif Iqbal wrote:
> > On Wed, Oct 18, 2017 at 4:10 AM, Jakub Hrozek <jhro...@redhat.com>
> > wrote:
> >
> > > On Tue, Oct 17, 2017 at 05:15:08PM -04
ldap_access_filter = (&(cn=jumpstation)(uniquemember=))
Looking for a suggestion how to achieve this.
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad t
h-ac
account include system-auth-ac
password include system-auth-ac
session optional pam_keyinit.so revoke
session required pam_limits.so
$ sudo -s
[sudo] password for iqbala:
sudo: account validation failure, is your account locked?
It is not locked in LDAP and I checke
> schema and you have configured at least one rule in openldap for sudo. In
> my environment I modified the sudo password prompt ( see option passprompt)
> , that way I can distinguish between a non-ldap sudo and sssd-enabled sudo
> :)
>
>
Yes I modified the passprompt too :-)
> Let
On Wed, Nov 8, 2017 at 3:39 PM, Sumit Bose <sb...@redhat.com> wrote:
> On Wed, Nov 08, 2017 at 02:39:46PM -0500, Asif Iqbal wrote:
> > On Thu, Nov 2, 2017 at 12:05 PM, Asif Iqbal <vad...@gmail.com> wrote:
> >
> > > Hi
> > >
> > > I like to aut
rite a local copy of mnetid as numeric
Let me know if you have any hint. I probably will ping openldap mailing
list.
>
> bye,
> Sumit
>
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-pos
On Wed, May 2, 2018 at 3:02 PM, Asif Iqbal <vad...@gmail.com> wrote:
>
>
> On Tue, Apr 24, 2018 at 1:35 PM, Asif Iqbal <vad...@gmail.com> wrote:
>
>>
>>
>> On Wed, Apr 18, 2018 at 10:49 AM, Sumit Bose <sb...@redhat.com> wrote:
>>
>>>
On Fri, Jun 8, 2018 at 9:25 AM, Jakub Hrozek wrote:
> On Wed, Jun 06, 2018 at 03:43:18PM -0400, Asif Iqbal wrote:
> > I can `*id axisys*` and it *works* fine with ubuntu xenial running *sssd
> > version 1.13.4* but *failing* on ubuntu trusty running *sssd version
> 1.11
ed values.
(Wed Jun 6 19:09:44 2018) [sssd[nss]] [check_cache] (0x0400): Cached entry
is valid, returning..
(Wed Jun 6 19:09:44 2018) [sssd[nss]] [*nss_cmd_getgrgid_search*]
(0x0400): Returning info for gid [408462@LDAP]
(Wed Jun 6 19:09:44 2018) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0
On Tue, Apr 24, 2018 at 1:35 PM, Asif Iqbal <vad...@gmail.com> wrote:
>
>
> On Wed, Apr 18, 2018 at 10:49 AM, Sumit Bose <sb...@redhat.com> wrote:
>
>> > [.. stripped for brevity ..]
>> > > >
>> > > Hi Sumit et al.,
>> >
I put PIN and TokenCode at the first Password: prompt, login works fine.
I did not put any log for that here.
Any suggestion how to fix pam_sss for OTP?
Thanks!
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: W
sion optional pam_keyinit.so revoke
> session required pam_limits.so
> session optional pam_mkhomedir.so
> session [success=1 default=ignore] pam_succeed_if.so service in crond
> quiet use_uid
> session required pam_unix.so
>
> On 10/26/2017 07:34 PM,
.so
> session [success=1 default=ignore] pam_succeed_if.so service in crond
> quiet use_uid
> session required pam_unix.so
> session optional pam_sss.so
>
>
> On 10/27/2017 10:27 AM, Asif Iqbal wrote:
>
> This setup also failed miserably where pam.d/sshd
be in developer mailing list.
Appreciate any help
On Mar 8, 2018 11:29 PM, "Asif Iqbal" <vad...@gmail.com> wrote:
On Wed, Feb 28, 2018 at 4:27 PM, Jakub Hrozek <jhro...@redhat.com> wrote:
> I think the next good step would be to show the LDIF and logs of a
> r
On Mon, Mar 12, 2018 at 5:59 AM, Sumit Bose <sb...@redhat.com> wrote:
> On Sun, Mar 11, 2018 at 10:25:24AM -0400, Asif Iqbal wrote:
> > I still like some help with any workaround in dealing with string.
> >
> > IT LDAP team do not have any attribute value with real
On Mon, Mar 12, 2018 at 11:04 AM, Asif Iqbal <vad...@gmail.com> wrote:
>
>
> On Mon, Mar 12, 2018 at 5:59 AM, Sumit Bose <sb...@redhat.com> wrote:
>
>> On Sun, Mar 11, 2018 at 10:25:24AM -0400, Asif Iqbal wrote:
>> > I still like some help wit
On Tue, Feb 27, 2018 at 3:37 AM, Sumit Bose <sb...@redhat.com> wrote:
> On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote:
> > I have 300 out of 3000 users whose /home/ dir shows uid and gid
> > instead of username and groupname.
> >
> > It seems to be be
guess you have to dump the
> content, change the schema and freshly import all data). Additionally I
> cannot tell if other applications might depend on the leading '0' in
> mnetid. So I guess the most easy short term solution would be to add a
> new integer attribute and sync this att
str] (0x0400):
Adding [NCE/GID/4311] to negative cache
(Thu Mar 8 22:12:00 2018) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
Deleting request: [0x5641be284b10:2:4311@LDAP]
>
> > On 28 Feb 2018, at 01:30, Asif Iqbal <vad...@gmail.com> wrote:
> >
> >
> >
> >
On Thu, Mar 8, 2018 at 5:25 PM, Asif Iqbal <vad...@gmail.com> wrote:
>
>
> On Thu, Mar 1, 2018 at 4:12 AM, Sumit Bose <sb...@redhat.com> wrote:
>
>> On Wed, Feb 28, 2018 at 10:27:20PM +0100, Jakub Hrozek wrote:
>> > I think the next good step would be to sh
On Tue, Mar 13, 2018 at 3:24 AM, Sumit Bose <sb...@redhat.com> wrote:
> On Mon, Mar 12, 2018 at 03:05:43PM -0400, Asif Iqbal wrote:
> > On Mon, Mar 12, 2018 at 11:04 AM, Asif Iqbal <vad...@gmail.com> wrote:
> >
> > >
> > >
> > > On Mon, Mar 12
On Mon, Apr 2, 2018 at 12:20 PM, Asif Iqbal <vad...@gmail.com> wrote:
>
>
> On Tue, Mar 27, 2018 at 4:43 AM, Sumit Bose <sb...@redhat.com> wrote:
>
>> On Fri, Mar 23, 2018 at 06:13:39PM -0400, Asif Iqbal wrote:
>> > On Thu, Mar 22, 2018 at 2:51
ibute. I have to think a bit about how
> this can be fixed in a general way.
>
> bye,
> Sumit
>
>
Hi Sumit,
Let me know if you need something from me. I am still looking for a
workaround.
Appreciate your help!
> >
> > bye,
> > Sumit
> >
>
--
Asif Iqb
On Wed, Apr 18, 2018 at 10:49 AM, Sumit Bose <sb...@redhat.com> wrote:
> On Tue, Apr 10, 2018 at 01:30:44PM +0200, Sumit Bose wrote:
> > On Mon, Apr 09, 2018 at 10:53:51AM -0400, Asif Iqbal wrote:
> > > On Mon, Apr 2, 2018 at 12:20 PM, Asif Iqbal
On Tue, Mar 27, 2018 at 4:43 AM, Sumit Bose <sb...@redhat.com> wrote:
> On Fri, Mar 23, 2018 at 06:13:39PM -0400, Asif Iqbal wrote:
> > On Thu, Mar 22, 2018 at 2:51 PM, Asif Iqbal <vad...@gmail.com> wrote:
> >
> > > > [..stripped for brevity..]
> >
On Thu, Mar 15, 2018 at 4:42 AM, Sumit Bose <sb...@redhat.com> wrote:
> On Wed, Mar 14, 2018 at 03:42:28PM -0400, Asif Iqbal wrote:
> > On Tue, Mar 13, 2018 at 3:24 AM, Sumit Bose <sb...@redhat.com> wrote:
> >
> > > On Mon, Mar 12, 2018 at 03:05:43PM -0400, A
On Wed, Mar 21, 2018 at 4:09 PM, Asif Iqbal <vad...@gmail.com> wrote:
>
>
> On Thu, Mar 15, 2018 at 4:42 AM, Sumit Bose <sb...@redhat.com> wrote:
>
>> On Wed, Mar 14, 2018 at 03:42:28PM -0400, Asif Iqbal wrote:
>> > On Tue, Mar 13, 2018 at 3:24
On Thu, Mar 22, 2018 at 2:51 PM, Asif Iqbal <vad...@gmail.com> wrote:
> > [..stripped for brevity..]
>>> > > > So I see 5% of current users have mnetid with leading 0.
>>> > > >
>>> > > > So I never used sss_override. How do I use
relevant logs
https://paste.fedoraproject.org/paste/gBaZ-Vr8Urh-M5ABpaRNuA
Appreciate any help
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing
On Tue, Feb 27, 2018 at 1:12 PM, Asif Iqbal <vad...@gmail.com> wrote:
>
>
> On Tue, Feb 27, 2018 at 3:37 AM, Sumit Bose <sb...@redhat.com> wrote:
>
>> On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote:
>> > I have 300 out of 3000 users whose /home