On Wed, Aug 02, 2017 at 02:43:35PM +0200, Jakub Hrozek wrote: > On Wed, Aug 02, 2017 at 09:46:43AM +0200, Lukas Slebodnik wrote: > > On (02/08/17 09:43), Jakub Hrozek wrote: > > >On Tue, Aug 01, 2017 at 04:46:32PM -0400, Louis Garcia wrote: > > >> In fedora 26 where should sssd.conf live? /etc/sssd/ or > > >> /etc/sssd/conf.d/ > > >> ?? > > > > > >Ah, in fedora-26, this setup might be a bit more problematic because > > >sssd by default serves files already. Can you try something like this > > >please (untested): > > > > > IMHO it is not more problematic it's simpler :-) > > Yeah, but users who upgrade (or follow my old blog post) get stuck. I > can update the blog post, not sure what else can we do about the > existing configurations except for hardcoding id_provider=proxy and > proxy_lib_name=files.
sorry, I meant "hardcoding a check if the user is already running id_provider=proxy with lib_name=files and disabling the implicit domain, then". Because the user is already running pretty much the same configuration as the files provider, but because the implicit files are always configured before the explicit domains, this kind of explicit domain is never reached.. > > > > > >[sssd] > > >services = nss, pam > > ># this was missing in your original config > > >domains = kerberos > > > > > >[nss] > > >filter_groups = root > > >filter_users = root > > > > > >[pam] > > >offline_credentials_expiration = 2 > > >offline_failed_login_attempts = 3 > > >offline_failed_login_delay = 5 > > > > > >[domain/kerberos] > > ># files provider instead of proxy > > >id_provider = files > > > > > >auth_provider = krb5 > > >chpass_provider = krb5 > > >krb5_realm = MONTCLAIRE.LOCAL > > >krb5_server = panther.montclaire.local > > > > > >cache_credentials = True > > >krb5_store_password_if_offline = True > > > > If that configuration does not help then please follow our troubleshooting > > wiki > > https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html#troubleshooting-authentication-password-change-and-access-control > > > > LS > > _______________________________________________ > > sssd-users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
