My first experience with SSSD for SFTP authentication was having a higly
critical system's authentication going off because I didn't know about adcli,
so I didn't install it. After exactly 30 days, the AD server changed that
machine account's password, but the linux server didn't. Those were
Also as another data point there is another thread currently going on in this
mailing list:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/thread/LD754UXTSMZOJTGDQPO3KG67TKTFMARA/
that seems to imply that the machine password DOES need to be changed
On Fri, Oct 12, 2018 at 08:12:52PM -, Erinn Looney-Triggs wrote:
> > On Thu, Sep 06, 2018 at 03:08:59PM -0600, Erinn Looney-Triggs wrote:
> >
> > Thank you for the research. I wasn't aware about Samba ticket #6750.
> >
> > About adcli ticket #100118. I have patches for this and they are
> On Thu, Sep 06, 2018 at 03:08:59PM -0600, Erinn Looney-Triggs wrote:
>
> Thank you for the research. I wasn't aware about Samba ticket #6750.
>
> About adcli ticket #100118. I have patches for this and they are already
> added to upcoming RHEL and Fedora releases. The adcli repository is
>
So the very very short version is, yes you can make this work, you need
to join the system using the samba tools (winbind), you then need to
manually configure sssd to work. Basically as long as they
/etc/krb5.keytab is there and valid you are golden BUT there are a lot
of bugs and RFEs in this
Hi, Erin
Thank you so much for your answer. This is exactly what I'm looking for.
Will be waiting for it.
Em sexta-feira, 12 de outubro de 2018 15:04:45 BRT, Erinn Looney-Triggs
escreveu:
On 10/12/18 7:30 AM, Simo Sorce wrote:
> On Fri, 2018-10-12 at 13:21 +, Reinaldo Souza Gomes
On 10/12/18 7:30 AM, Simo Sorce wrote:
> On Fri, 2018-10-12 at 13:21 +, Reinaldo Souza Gomes wrote:
>> Jakub,
>> I see. Thank you.
>>
>> Simo,
>> Is this gssntlmssp package meant to work on CentOS 7.5 / Samba 4.7?
> Yes to authenticate as a domain member you need to have winbind
> installed,
This makes sense. adcli update, with the Kerberos creds of the original
principal that's allowed to create new machine accounts in that OU in the
first place.
As it turns out, I must have powered up that VM just under the wire. (I
believe our AD policy is to lock machine accounts after 40
On Fri, 2018-10-12 at 13:21 +, Reinaldo Souza Gomes wrote:
> Jakub,
> I see. Thank you.
>
> Simo,
> Is this gssntlmssp package meant to work on CentOS 7.5 / Samba 4.7?
Yes to authenticate as a domain member you need to have winbind
installed, configured and working correctly on the system.
Jakub,
I see. Thank you.
Simo,
Is this gssntlmssp package meant to work on CentOS 7.5 / Samba 4.7? If so, is
there any configuration needed? I would like my Samba server to be able to
handle NTLMSSP authentication for windows' clients, while using SSSD as the
authentication layer, if
> On 10 Oct 2018, at 14:04, Ondrej Valousek wrote:
>
> Hi list.
>
> When I run
> # sssctl user-checks
> The command will, under the “SSSD InfoPipe user lookup result” section:
> - Print some information no matter if I enable InfoPipe in the
> configuration or not
> -
> On 10 Oct 2018, at 21:11, Ken Teh wrote:
>
> I tried setting up a domain that uses files for the account id but to use our
> active directory for authentication in sssd.conf. But when I fire up the sssd
> daemon, it reports that it is using files for the auth_provider. Is this
> setup
> On 11 Oct 2018, at 02:08, Reinaldo Souza Gomes
> wrote:
>
> I know that this is an old topic, but I've seen contradictory answers in
> different places.
>
> Some topics say that SSSD has no support for NTLM due to its inherently
> unsecure nature, and will never have.
Currently SSSD
13 matches
Mail list logo