On Thu, May 06, 2021 at 05:09:47PM +0200, Paweł Szafer wrote:
> Hi,
>
> I had to add
>
> ldap_sasl_mech=GSSAPI
>
> to domain part of my sssd.conf
> But honestly I don't understand why SPNEGO is not working, any ideas?
Hi,
if it was working before it looks like SPNEGO support got lost on your

After entering the correct pin for the card, this is an anonymized version of
krb5_child.log:
(2021-05-06 16:27:42): [krb5_child[598307]] [main] (0x0400): krb5_child started.
(2021-05-06 16:27:42): [krb5_child[598307]] [unpack_buffer] (0x1000): total
buffer size: [189]
(2021-05-06 16:27:42):

On Thu, May 6, 2021 at 2:56 PM Paweł Szafer wrote:
>
> Hello,
>
> Today morning I had a bad surprise. Suddenly I cannot login anymore to my PC.
> My OS is Arch based, with SSSD 2.4.2, updated yesterday (it was working after
> update, last login occurred around 7pm 05.05.2021, today 7am

Hi,
I had to add
ldap_sasl_mech=GSSAPI
to domain part of my sssd.conf
But honestly I don't understand why SPNEGO is not working, any ideas?
On Thu, 6 May 2021 at 09:59, Paweł Szafer wrote:
> Hello,
>
> Today morning I had a bad surprise. Suddenly I cannot login anymore to my
> PC.
> My OS

Jeremy,
First off, this is not a sssd problem. You've proven that by your kinit -k
attempts failing. This is an underlying problem between your kerberos
client, your AD DC and your /etc/krb5.keytab file. Once you fix this
underlying issue, I expect sssd will work.
Your AD domain may be

Sumit,
Yes exactly.
override_homedir = %o
would return the original home directory retrieved from the identity
provider. What would be nice is another % flag, which retrieves the
original home dir, but lower cases this original home dir. for instance:
override_homedir = %L
(%l is

On Thu, May 06, 2021 at 09:59:45AM +0200, Paweł Szafer wrote:
> Hello,
>
> Today morning I had a bad surprise. Suddenly I cannot login anymore to my
> PC.
> My OS is Arch based, with SSSD 2.4.2, updated yesterday (it was working
> after update, last login occurred around 7pm 05.05.2021, today

Thanks for your reply.
Where do I find the issuer to create the correct matchrule?
The upn of the user is currently stored in the Subject Alternate Name in the
certificate. So the full username including the domain. What would the maprule
look like then?
I don't understand how it's supposed to

On 5/6/21 9:44 AM, Jeremy Monnet wrote:
> I have now (DEPRECATED:arcfour-hmac) in the keytab, and
> authentication works after rejoining the AD !
RC4 is deprecated for very good reasons.
You should rather try to set attribute msDs-supportedEncryptionTypes in
the service / host entry to enable

Hello,
Today morning I had a bad surprise. Suddenly I cannot login anymore to my
PC.
My OS is Arch based, with SSSD 2.4.2, updated yesterday (it was working
after update, last login occurred around 7pm 05.05.2021, today 7am
06.05.2021 cannot login anymore)
Maybe you have any idea what's wrong.

Hello,
On Thu, May 6, 2021 at 7:40 AM Sumit Bose wrote:
>
> > > We upgraded today a RHEL 7.9 to RHEL8.3. We encounter now that error
> > > KDC has no support for encryption type
>
> Hi,
>
> this is most probably about the rc4 encryption type which is still
> heavily used in AD environments but

On Wed, May 5, 2021 at 3:27 PM Jeremy Monnet wrote:
> [root@hostname sssd]# kinit -V -k
> Using new cache: persistent:0:krb_ccache_PECiZeh
> Using principal: host/fqdn@DOMAIN
> kinit: Client 'host/fqdn@domain' not found in Kerberos database while getting
> initial credentials
You cannot kinit

On Wed, May 05, 2021 at 09:45:27AM -, Gary Letth wrote:
> I'm trying to figure out how to get smartcard-authentication working
> in RHEL 8.3 when the computer is joined to an active directory domain.
> So far I've managed to configure local authentication using a smart
> card by mapping a

13 matches