[SSSD-users] Re: SSSD Packet Capture Samples

2017-08-08 Thread Tom Peterson 
Hi Jakub,

Looked like the link was going to the Red Hat documentation. I think I have
a PR to update this here:

https://pagure.io/SSSD/docs/pull-request/42

Thanks,
Tom

On Tue, Aug 8, 2017 at 8:53 AM, Tom Peterson  wrote:

> Hi Jakub,
>
> That is awesome! I haven't forgot about the id_provider=ad tests either.
> Just been tough finding some time lately but these are still on my list to
> add.
>
> I'm really happy to be able to contribute something here you find useful
> enough to link to from the SSSD docs themselves! SSSD has really made this
> so much easier from my perspective and it's been great learning more about
> how it works from the perspective of the actual packets transmitted back
> and forth!
>
> Thanks again for adding this!
>
> -Tom
>
> On Mon, Aug 7, 2017 at 11:19 AM, Jakub Hrozek  wrote:
>
>> I opened a PR against the SSSD docs to include a link to your page:
>> https://pagure.io/SSSD/docs/pull-request/40
>>
>> I also realised that the sssd documentation is hard to contribute to, so
>> I tried to add a README:
>> https://pagure.io/SSSD/docs/pull-request/41
>>
>> And finally I also spread the word about your work on Twitter:
>> https://twitter.com/SysSecSvcDaemon/status/894578630759636993
>>
>> On 31 Jul 2017, at 16:40, Tom Peterson  wrote:
>>
>> Hi Jakub,
>>
>> That would be great if you wanted to link this page from the pagure docs!
>>
>> I'd love to collect some more pcaps and scenarios too! I think using
>> id_provider=ad would be a great addition to these and I'll explore this
>> next. I should be able to find some time this week to generate some pcap
>> files for this and I will send you an update once I've got another set of
>> captures! Really glad that we can add something that might help!!!
>>
>> Thanks for taking a look at these!
>>
>> -Tom
>>
>> On Sat, Jul 29, 2017 at 4:14 PM, Jakub Hrozek 
>> wrote:
>>
>>>
>>> On 28 Jul 2017, at 12:39, Lukas Slebodnik  wrote:
>>>
>>> On (27/07/17 15:30), Tom Peterson wrote:
>>>
>>> Hi All,
>>>
>>> First off thank you for all the hard work put into SSSD! It's been a
>>> great
>>> piece of software to work with and seems like it has a configuration
>>> setting for just about anything that can be thrown at it!
>>>
>>> We use SSSD at work and I've helped troubleshoot a few instances of
>>> authenticating against an external LDAP server. I setup a little lab to
>>> collect captures of some different config settings. My initial set is
>>> around different TLS scenarios:
>>>
>>> https://support.cloudshark.org/kb/sssd-activedirectory-captures.html
>>>
>>> It looks very good.
>>>
>>>
>>> Indeed.
>>>
>>> I wonder if you agree if we link your page from our pagure docs? I think
>>> we should have some “external docs” or similar here:
>>> https://pagure.io/docs/SSSD/sssd/
>>>
>>> Also, did you consider doing the same for id_provider=ad?
>>>
>>> ___
>>> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
>>> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>>>
>>>
>> ___
>> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
>> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>>
>>
>>
>> ___
>> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
>> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>>
>>
>
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

[SSSD-users] Re: SSSD Packet Capture Samples

2017-08-08 Thread Tom Peterson 
Hi Jakub,

That is awesome! I haven't forgot about the id_provider=ad tests either.
Just been tough finding some time lately but these are still on my list to
add.

I'm really happy to be able to contribute something here you find useful
enough to link to from the SSSD docs themselves! SSSD has really made this
so much easier from my perspective and it's been great learning more about
how it works from the perspective of the actual packets transmitted back
and forth!

Thanks again for adding this!

-Tom

On Mon, Aug 7, 2017 at 11:19 AM, Jakub Hrozek  wrote:

> I opened a PR against the SSSD docs to include a link to your page:
> https://pagure.io/SSSD/docs/pull-request/40
>
> I also realised that the sssd documentation is hard to contribute to, so I
> tried to add a README:
> https://pagure.io/SSSD/docs/pull-request/41
>
> And finally I also spread the word about your work on Twitter:
> https://twitter.com/SysSecSvcDaemon/status/894578630759636993
>
> On 31 Jul 2017, at 16:40, Tom Peterson  wrote:
>
> Hi Jakub,
>
> That would be great if you wanted to link this page from the pagure docs!
>
> I'd love to collect some more pcaps and scenarios too! I think using
> id_provider=ad would be a great addition to these and I'll explore this
> next. I should be able to find some time this week to generate some pcap
> files for this and I will send you an update once I've got another set of
> captures! Really glad that we can add something that might help!!!
>
> Thanks for taking a look at these!
>
> -Tom
>
> On Sat, Jul 29, 2017 at 4:14 PM, Jakub Hrozek 
> wrote:
>
>>
>> On 28 Jul 2017, at 12:39, Lukas Slebodnik  wrote:
>>
>> On (27/07/17 15:30), Tom Peterson wrote:
>>
>> Hi All,
>>
>> First off thank you for all the hard work put into SSSD! It's been a great
>> piece of software to work with and seems like it has a configuration
>> setting for just about anything that can be thrown at it!
>>
>> We use SSSD at work and I've helped troubleshoot a few instances of
>> authenticating against an external LDAP server. I setup a little lab to
>> collect captures of some different config settings. My initial set is
>> around different TLS scenarios:
>>
>> https://support.cloudshark.org/kb/sssd-activedirectory-captures.html
>>
>> It looks very good.
>>
>>
>> Indeed.
>>
>> I wonder if you agree if we link your page from our pagure docs? I think
>> we should have some “external docs” or similar here:
>> https://pagure.io/docs/SSSD/sssd/
>>
>> Also, did you consider doing the same for id_provider=ad?
>>
>> ___
>> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
>> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>>
>>
> ___
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>
>
>
> ___
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>
>
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

[SSSD-users] Re: SSSD Packet Capture Samples

2017-08-07 Thread Jakub Hrozek 
I opened a PR against the SSSD docs to include a link to your page:
https://pagure.io/SSSD/docs/pull-request/40 


I also realised that the sssd documentation is hard to contribute to, so I 
tried to add a README:
https://pagure.io/SSSD/docs/pull-request/41 


And finally I also spread the word about your work on Twitter:
https://twitter.com/SysSecSvcDaemon/status/894578630759636993 


> On 31 Jul 2017, at 16:40, Tom Peterson  wrote:
> 
> Hi Jakub,
> 
> That would be great if you wanted to link this page from the pagure docs! 
> 
> I'd love to collect some more pcaps and scenarios too! I think using 
> id_provider=ad would be a great addition to these and I'll explore this next. 
> I should be able to find some time this week to generate some pcap files for 
> this and I will send you an update once I've got another set of captures! 
> Really glad that we can add something that might help!!!
> 
> Thanks for taking a look at these!
> 
> -Tom
> 
> On Sat, Jul 29, 2017 at 4:14 PM, Jakub Hrozek  > wrote:
> 
>> On 28 Jul 2017, at 12:39, Lukas Slebodnik > > wrote:
>> 
>> On (27/07/17 15:30), Tom Peterson wrote:
>>> Hi All,
>>> 
>>> First off thank you for all the hard work put into SSSD! It's been a great
>>> piece of software to work with and seems like it has a configuration
>>> setting for just about anything that can be thrown at it!
>>> 
>>> We use SSSD at work and I've helped troubleshoot a few instances of
>>> authenticating against an external LDAP server. I setup a little lab to
>>> collect captures of some different config settings. My initial set is
>>> around different TLS scenarios:
>>> 
>>> https://support.cloudshark.org/kb/sssd-activedirectory-captures.html 
>>> 
>>> 
>> It looks very good.
> 
> Indeed.
> 
> I wonder if you agree if we link your page from our pagure docs? I think we 
> should have some “external docs” or similar here:
> https://pagure.io/docs/SSSD/sssd/ 
> 
> Also, did you consider doing the same for id_provider=ad?
> 
> ___
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org 
> 
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org 
> 
> 
> 
> ___
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

[SSSD-users] Re: SSSD Packet Capture Samples

2017-07-31 Thread Tom Peterson 
Hi Jakub,

That would be great if you wanted to link this page from the pagure docs!

I'd love to collect some more pcaps and scenarios too! I think using
id_provider=ad would be a great addition to these and I'll explore this
next. I should be able to find some time this week to generate some pcap
files for this and I will send you an update once I've got another set of
captures! Really glad that we can add something that might help!!!

Thanks for taking a look at these!

-Tom

On Sat, Jul 29, 2017 at 4:14 PM, Jakub Hrozek 
wrote:

>
> On 28 Jul 2017, at 12:39, Lukas Slebodnik  wrote:
>
> On (27/07/17 15:30), Tom Peterson wrote:
>
> Hi All,
>
> First off thank you for all the hard work put into SSSD! It's been a great
> piece of software to work with and seems like it has a configuration
> setting for just about anything that can be thrown at it!
>
> We use SSSD at work and I've helped troubleshoot a few instances of
> authenticating against an external LDAP server. I setup a little lab to
> collect captures of some different config settings. My initial set is
> around different TLS scenarios:
>
> https://support.cloudshark.org/kb/sssd-activedirectory-captures.html
>
> It looks very good.
>
>
> Indeed.
>
> I wonder if you agree if we link your page from our pagure docs? I think
> we should have some “external docs” or similar here:
> https://pagure.io/docs/SSSD/sssd/
>
> Also, did you consider doing the same for id_provider=ad?
>
> ___
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>
>
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

[SSSD-users] Re: SSSD Packet Capture Samples

2017-07-29 Thread Jakub Hrozek 

> On 28 Jul 2017, at 12:39, Lukas Slebodnik  wrote:
> 
> On (27/07/17 15:30), Tom Peterson wrote:
>> Hi All,
>> 
>> First off thank you for all the hard work put into SSSD! It's been a great
>> piece of software to work with and seems like it has a configuration
>> setting for just about anything that can be thrown at it!
>> 
>> We use SSSD at work and I've helped troubleshoot a few instances of
>> authenticating against an external LDAP server. I setup a little lab to
>> collect captures of some different config settings. My initial set is
>> around different TLS scenarios:
>> 
>> https://support.cloudshark.org/kb/sssd-activedirectory-captures.html
>> 
> It looks very good.

Indeed.

I wonder if you agree if we link your page from our pagure docs? I think we 
should have some “external docs” or similar here:
https://pagure.io/docs/SSSD/sssd/ 

Also, did you consider doing the same for id_provider=ad?___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

[SSSD-users] Re: SSSD Packet Capture Samples

2017-07-28 Thread Tom Peterson 
Hi Lukas,

Thanks for taking a look at this! I updated this to remove specific mention
to the flag used to disable TLS. Thats a very good point and honestly I'm
not even sure how I came across that in the first place! Thank you for the
clarification on ldaps vs start_tls too. Looking forward to adding more
scenarios and captures to this!

-Tom

On Fri, Jul 28, 2017 at 6:39 AM, Lukas Slebodnik 
wrote:

> On (27/07/17 15:30), Tom Peterson wrote:
> >Hi All,
> >
> >First off thank you for all the hard work put into SSSD! It's been a great
> >piece of software to work with and seems like it has a configuration
> >setting for just about anything that can be thrown at it!
> >
> >We use SSSD at work and I've helped troubleshoot a few instances of
> >authenticating against an external LDAP server. I setup a little lab to
> >collect captures of some different config settings. My initial set is
> >around different TLS scenarios:
> >
> >https://support.cloudshark.org/kb/sssd-activedirectory-captures.html
> >
> It looks very good.
>
> >All of the raw capture files can be downloaded after opening them by going
> >to 'Export -> Download File'.
> >
> >I'll be adding to this and have a few more scenarios in mind I want to
> >explore. If anyone has any feedback or suggestions on things they would
> >like to see please let me know!I Hoping someone finds this little
> >contribution of captures useful.
> >
>
> I would prefer if ldap_auth_disable_tls_never_use_in_production
> was not advertised. This option is intentionally hidden in all sssd
> documentation.
>
> BTW It is not required to use ldaps(636) because sssd use start_tls
> before each authentication even with ldap(389).
>
> And after enabling option ldap_id_use_start_tls it would be used even
> with id_provider and not jsut with auth_provider.
>
> >And once again, thank you for all the work put into SSSD!
> >
> Thank you :-)
>
> LS
> ___
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org