Hi again,
After a few hours of trial and error, I've figured it out and got it
working. Well, partly that is.
We use LDAP(Novell eDirectory) primary as identity vault and Kerberos(AD)
for primary authentication source and LDAP as fallback authentication
source.
So, I've disabled Kerberos in SSSD,
Hi,
I've put the log level to 9, which gives a LOT of logging in
sssd_default.log. These are [ldb] and [sdap] entries.
sssd.log itself only shows the message:
(Mon Oct 3 11:48:24 2011) [sssd] [monitor_quit] (0): Monitor received
Terminated: terminating children
(Mon Oct 3 12:04:49 2011) [sssd]
Hi Stephen,
/etc/pam.d/sshd didn't include system-auth. Fixed that, but still not able
to login.
Errors in /var/log/secure:
Oct 3 12:29:14 tst0030 login: pam_sss(login:auth): authentication failure;
logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= user=XXX
Oct 3 12:29:14 tst0030 login: pam
Hi all,
I'm running into problems on a RHEL6 machine with configuring sssd.
I keep getting errors like this:
Sep 30 14:11:26 tst0030 sshd[7512]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=somehost.domain.com user=XXX
Sep 30 14:11:27 tst0030 sshd[7512]:
Hi,
we've configured ldap/sudo with sudo-rules living in LDAP.
cheers,
Andy
2011/4/29 JR Aquino
> > Hi all,
> >
> > Currently, we run SSSD on a RHEL5 update 4 box. SSSD version is 1.2.1.
> > For the main purpose we need it, caching credentials, it works like a charm.
> > Now, we have a custom co
Sounds good ! I'll keep an eye on this list !
2011/4/29 Stephen Gallagher
> On Fri, 2011-04-29 at 15:27 +0200, Andy Kannberg wrote:
> > Stephen,
> >
> > Thanks for explaining ! Makes sense.
> > Concerning the integration of sudo with sssd, can you guestimate
.
cheers,
Andy
2011/4/29 Stephen Gallagher
> On Fri, 2011-04-29 at 14:21 +0200, Andy Kannberg wrote:
> > Simo,
> >
> > What surprised me was that it also works for sudo rules that are
> > delivered via LDAP.
> > We don't have a local sudoers file, but all
/4/29 Simo Sorce
> On Fri, 2011-04-29 at 09:47 +0200, Andy Kannberg wrote:
> > Hi all,
> >
> > Currently, we run SSSD on a RHEL5 update 4 box. SSSD version is 1.2.1.
> > For the main purpose we need it, caching credentials, it works like a
> > charm.
> >
Hi all,
Currently, we run SSSD on a RHEL5 update 4 box. SSSD version is 1.2.1. For
the main purpose we need it, caching credentials, it works like a charm.
Now, we have a custom compiled sudo version (sudo 1.6) which does query LDAP
for the sudo rules.
I was testing if sudo still worked while us
After restarting it, it worked !
cheers and thanks a lot for helping me through the PAM-swamp !
Andy
2011/1/28 Stephen Gallagher
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 01/28/2011 09:23 AM, Andy Kannberg wrote:
> > Hi Stephen,
> >
> > er
tional pam_sss.so
cheers,
Andy
2011/1/28 Stephen Gallagher
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 01/28/2011 08:17 AM, Andy Kannberg wrote:
> > Stephen,
> >
> > I've tried to rearrange the system-auth. However, when offline, I still
> > cannot
oke
session optional pam_sss.so
cheers,
Andy
2011/1/27 Stephen Gallagher
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 01/27/2011 10:06 AM, Andy Kannberg wrote:
> > Hi,
> >
> > I've got the SSSD packages from RHEL 5.6 installed on a RHEL 5.4 s
Hi,
I've got the SSSD packages from RHEL 5.6 installed on a RHEL 5.4 system.
SSSD works fine on the command line and when logging in via KDE. Also
logging on with cached credentials (when network is off) works like a charm,
on the command line.
When I want to login with cached credentials via KDE
Hi Stephen,
It was indeed the unencrypted channel that was the culprit. We tried
authenticating against a system with LDAP+GSSAPI and it worked like a charm
!
Thanks !
cheers,
Andy
2010/8/30 Stephen Gallagher
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 08/30/2010 09
Hi all,
In our setup, we run into the following problem: When sssd is configured,
the authentication against ldap fails, but succeeds against kerberos/AD. Our
ldap/edirectory guru has, as far as he is concerned, pinned the problem down
due to the fact that ldap authentication fails with the loggin
Hi again,
I'm trying to setup offline authentication. I've added the
cache_credentials = true
for the LDAP domain in the /etc/sssd/sssd.conf
but when I try to login (while network is not connected), I get a timeout.
Is there anything else that needs to be configured ?
cheers,
Andy
__
Stephen,
I've fixed the problem. I copied over system-auth from another system and it
worked.
I reconfigured the files again, started the sssd daemon, and now everything
works !
I guess I need to do some homework concerning PAM, LDAP and Kerberos :-)
Anyway, testing the offline mode now, see if
't see what ...
cheers,
Andy
2010/8/18 Stephen Gallagher
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> On 08/18/2010 09:21 AM, Andy Kannberg wrote:
> > > Hi again,
> > >
> > > I've commented out the ldap.so lines in syst
010 at 10:08:12AM +0200, Andy Kannberg wrote:
> > Goodmorning,
> >
> > I did some digging, and this is the situation:
> > Upfront I must say that I do not know yet if Novell eDirectory is RFC2307
> > compliant, but a Novell Engineer is available today so I can ask him
Aux
objectClass: sambaSamAccount
you see the NxpUserAuxClass as objectclass for the useraccount.
Is there a way to handle this in SSSD ?
cheers,
Andy
2010/8/17 Andy Kannberg
> It's Novell eDirectory. However, it is possible that certain objects are
> not available on the ser
agher
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 08/17/2010 10:06 AM, Andy Kannberg wrote:
> > Hi,
> >
> > That assumption appears to be correct:
> >
> > [r...@hpdw0001 ~]# ldapsearch -x -H ldap://dtc0001.dtq.nl-htc01.nxp.com
> > <ht
IN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 08/17/2010 08:55 AM, Andy Kannberg wrote:
> > hi again,
> >
> > GID was 1000, so changed the min_id to 1.
> > Also added the debug line to sssd.conf, and this is what is logged when
> > logging in :
> >
>
08/17/2010 07:39 AM, Andy Kannberg wrote:
> > Aug 17 13:35:50 hpdw0001 sshd[5204]: pam_sss(sshd:auth): received for
> > user nxp21358: 10 (User not known to the underlying authentication
> > module)
>
> This means that the SSSD couldn't find that user in LDAP. I noticed in
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 08/17/2010 07:22 AM, Andy Kannberg wrote:
> > Now, when I login with an ssh session, I can login, but /var/log/secure
> > shows:
> >
> > Aug 17 13:03:20 hpdw0001 login: pam_unix(login:auth): authenticat
01 login: pam_sss(login:session): Request to sssd
failed. Connection refused
Aug 17 13:03:20 hpdw0001 login: pam_sss(login:setcred): Request to sssd
failed. Connection refused
So I guess I am missing something. Can you help me out with this ?
best regards,
Andy
2010/8/17 Sumit Bose
> On T
Hi folks,
I'm new to the list, and new to SSSD in general.
I was wondering, is it allowed to post questions about installation /
configuration problems concerning SSSD on this list ?
cheers,
Andy
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted
26 matches