> On Wed, Jul 24, 2024 at 1:04 PM Alexey Tikhonov
> wrote:
>
>>
>>
>> On Wed, Jul 24, 2024 at 6:29 PM Spike White
>> wrote:
>>
>>> Alexey,
>>>
>>> Again, thanks for replying.
>>>
>>> I put
>>>
>>
exception of
proxy_child, not sure).
I think the fix should be to inherit from the domain section (as it happens
with debug_level),
Please, open a ticket upstream.
>
> Spike
>
> On Wed, Jul 24, 2024 at 10:24 AM Alexey Tikhonov
> wrote:
>
>>
>>
>> On Wed
/var/log/sssd/krb5_child.log. Is there another section of sssd.conf in
> which we should be setting this?
>
ldap_/krb5_child "inherit" debug settings from [domain/...] section.
> Spike
>
> On Wed, Jul 24, 2024 at 4:16 AM Alexey Tikhonov
> wrote:
>
>> Hi,
>>
Hi,
what SSSD version is this?
I think it should be fixed by
https://github.com/SSSD/sssd/pull/7198#issuecomment-1959697353 and thus in
SSSD 2.9.5+
On an older version you can consider setting 'debug_backtrace_enabled =
false'
On Tue, Jul 23, 2024 at 9:37 PM Spike White wrote:
> All,
>
>
On Tue, Jul 2, 2024 at 1:00 PM seojeong kim
wrote:
> /var/lib/sss/db/
>
> I try to use SSSD offline authentication.
> under /var/lib/sss/db/
>cache_mydomain.ldb
>ccache_mydomain.ldb
>config.ldb
>fast_ccache_mydomain.ldb
>sssd.ldb
>timestamps_samsungsre.com.ldb
>
>
> SSSD
>>
>> Thank you
>>
>> On Fri, May 17, 2024, 1:10 AM Alexey Tikhonov
>> wrote:
>>
>>> Hi,
>>>
>>> On Fri, May 17, 2024 at 9:33 AM Techie wrote:
>>>
>>>> Hello again, my offline authentication works, however, if I
Hi,
On Fri, May 17, 2024 at 9:33 AM Techie wrote:
> Hello again, my offline authentication works, however, if I reboot while
> offline it no longer works and the cached password is removed from the
> cache db. I mean that ldbsearch no longer reveals a cached password for my
> user.
>
Try to
Hi,
int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags);
https://github.com/SSSD/sssd/blob/ca684cd156debbdf3d95776271e7020b883b1e81/src/p11_child/p11_child_openssl.c#L458
:
```
status = OCSP_basic_verify(ocsp_basic, NULL,
```
On Mon, Apr 8, 2024 at 9:22 PM Tero Saarni wrote:
> On Mon, Apr 8, 2024 at 10:10 PM Alexey Tikhonov
> wrote:
>
>>
>> Out of curiosity: I realized that 'sssd/nightly' packages are built with
>> 'systemd' support and thus 'Requires:' it. How did you work around th
Hi Tero,
On Mon, Apr 8, 2024 at 8:13 PM Tero Saarni wrote:
>
> Having said that, and taking into account 'user-ns' support isn't
>> available yet, you might want to try builds from
>> https://copr.fedorainfracloud.org/coprs/g/sssd/nightly/ : currently
>> Fedora rawhide, Centos-stream 9 and Rhel
On Fri, Mar 22, 2024 at 5:03 PM Tero Saarni wrote:
> On Fri, Mar 22, 2024 at 3:46 PM Alexey Tikhonov
> wrote:
>
>> Is this a "single UID" container (i.e. SSSD and client apps run under the
>> same UID within container namespace)?
>> What do you use as an
On Thu, Mar 21, 2024 at 10:04 PM Tero Saarni wrote:
> On Thu, Mar 21, 2024 at 10:21 PM Alexey Tikhonov
> wrote:
>
>> It's been awhile but... quite a lot of work has been done:
>> see https://github.com/SSSD/sssd/issues/5443#issuecomment-2013505460 for
>>
On Thu, Apr 1, 2021 at 6:06 PM David Mather wrote:
> We are also trying to run as a non-root user with minimal capabilities in
> production. Has any more work been done on this since?
>
It's been awhile but... quite a lot of work has been done:
see
On Mon, Feb 26, 2024 at 12:38 PM Alexey Tikhonov
wrote:
>
>
> On Fri, Feb 23, 2024 at 12:06 PM John Doe wrote:
>
>> Hello
>>
>> I'm wondering if there's any way to access the informational message
>> about password expiration given upon login when usin
On Fri, Feb 23, 2024 at 12:06 PM John Doe wrote:
> Hello
>
> I'm wondering if there's any way to access the informational message about
> password expiration given upon login when using cached credentials? When
> having pam_verbosity = 2 in sssd.conf, the following informational message
> is
Hi,
did you try to set `ldap_library_debug_level = -1` (see 'man sssd-ldap')
and inspect /var/log/sssd/sssd_$domain.log?
It might give additional details.
On Wed, Feb 21, 2024 at 8:54 PM Johnnie W Adams wrote:
> We are connecting to an LDAP server. Thanks!
>
> On Wed, Feb 21, 2024 at 1:53 PM
On Wed, Feb 21, 2024 at 5:58 PM Albert Szostkiewicz wrote:
>
> Thank you!
>
> 'kdestroy -A' does help!
>
> But I found that I am running into the same issue every now and then. What
> might be causing it?
`klist -A` and see what is there?
--
___
On Tue, Feb 13, 2024 at 4:08 PM Eric Doutreleau <
edoutrel...@genoscope.cns.fr> wrote:
> Hi
>
> I'm using sssd-2.9.1 on Rocky Linux 9 and I have strange behaviour with
> group enumeration.
>
Sorry I can't help with your issue immediately,
but as a side note: 'enumeration' feature is poorly tested
>- Kodiak
>
>
>
> Sent with Proton Mail <https://proton.me/> secure email.
>
> On Wednesday, January 31st, 2024 at 3:27 AM, Alexey Tikhonov <
> atikh...@redhat.com> wrote:
>
> Hi,
>
> On Tue, Jan 30, 2024 at 11:22 PM Kodiak Firesmith <
> firesm...@proto
Hi,
On Tue, Jan 30, 2024 at 11:22 PM Kodiak Firesmith
wrote:
> Hello,
> I've begun to see the oddest thing within our AD environment on Linux
> clients (Ubuntu 20, 22).
>
> During logins I see "groups: cannot find name for group ID".
>
> Then during various operations (eg when installing a
On Fri, Jan 19, 2024 at 12:39 PM Finn Fysj wrote:
>
> > When it gets to DAC, `getgrouplist()` (initgroups list) is what matters.
> >
> > Does this work properly, i.e. does `id user1` returns all expected groups?
> For old systems not using SSSD (nslcd & nscd), this works. I can run id
> and
On Fri, Jan 19, 2024 at 11:56 AM Finn Fysj wrote:
>
> > IPA doesn't show member attribute for non-authenticated binds
> As mentioned this works for older hosts not using SSSD...
>
> > Typically users are interested in the correct group list the user is a
> > member of.
> > On the other side,
Hi,
On Fri, Jan 19, 2024 at 10:03 AM Finn Fysj wrote:
>
>
> > with LDAP, recursively searching for all nested subgroups, sub-sub-groups,
> > etc. -- that can be an expensive operation.
> >
> > the default ldap_group_nesting_level is 2. You might try to set that to
> > some larger number (like
On Thu, Jan 18, 2024 at 5:06 PM Alexey Tikhonov wrote:
>
> Hi,
>
> On Thu, Jan 18, 2024 at 4:16 PM D M wrote:
> >
> > Hi folks! I'm chasing down some interesting behavior on our Ubuntu 20.04
> > VMs. We're running sssd 2.3.3.
> >
> > The people who run
Hi,
On Thu, Jan 18, 2024 at 4:16 PM D M wrote:
>
> Hi folks! I'm chasing down some interesting behavior on our Ubuntu 20.04 VMs.
> We're running sssd 2.3.3.
>
> The people who run the underlying disks for our VM hosts have been
> complaining about a spike in disk write latency every 10min.
>
Hi,
On Wed, Jan 10, 2024 at 11:02 PM Spike White wrote:
>
> All,
>
> Is there a packaging problem on the latest version of RHEL8 sssd?
>
> On several of our RHEL8 servers during the last update cycle, sssd logins
> start failing. It appears to be when upgrading to version
>
tent
> bugs.
If you are able to reproduce, then it also makes sense to set
'debug_level=9' in [nss] and [$domain] section of sssd.conf (or use
`sssctl debug-level` in runtime) and capture /var/log/sssd/* covering
failed attempt.
>
> ________
> From: Alexey T
Hi,
On Tue, Jan 9, 2024 at 4:50 PM Charles Hedrick wrote:
>
> We want to use user-mode kvm for students. I've set up a VM. It uses 9p to
> mount the user's home directory. After connecting to the VM with "virsh
> console", and then exiting, sssd on the host (not in the VM, in the main
>
On Wed, Oct 4, 2023 at 11:40 AM Alexey Tikhonov wrote:
>
>
> On Tue, Oct 3, 2023 at 11:22 PM Spike White
> wrote:
>
>> Alexey,
>>
>> Yes I see that now. That every time it starts a new LDAP connection, it
>> starts by querying rootDSE. So I have to lo
0x0200): Got request for [0x2][BE_REQ_GROUP][name=
> apaclinux...@amer.corp.com]
> (2023-10-03 13:30:02): [be[amer.corp.com]] [dp_get_account_info_send]
> (0x0200): Got request for [0x2][BE_REQ_GROUP][name=
> apaclinux...@emea.corp.com]
> ...
> and it continues on, each an
(Haven't looked at our
> RHEL9 builds yet). It's occurring on all servers to all rootDSEs, but only
> a problem for AMERAustin, since Austin is such a heavily-populated.
>
>
> These rootDSEs change almost never. Any way to have it query not as
> frequently, or randomize when servers
Hi,
On Mon, Oct 2, 2023 at 6:20 AM Spike White wrote:
> All,
>
> Is there anything in sssd's RHEL and RHEL-like Linux server OS settings
> that perform LDAP binds or connections to AD every 30 minutes?
>
> What our AD team is seeing is all of the DCs in our biggest AMER AD site
> peak with LDAP
Hi Steven,
On Thu, Aug 10, 2023 at 12:49 AM Steven McCormack
wrote:
>
> Hi Alexey,
>
> thanks for the information. implicit_pac_responder = false did the trick. Now
> all services start as expected
well... I must admit "monitor" activation vs "systemd/socket"
activation configuration is
On Mon, Aug 7, 2023 at 2:02 PM Steven McCormack
wrote:
>
> Hello,
> I have a similar problem after upgrading to Debian 12. On all upgraded
> machines sssd-pac.service fails. My understanding is, that services listed in
> the services line are not socket activated. Therefore I completely removed
logs to figure out the
reason for those "sporadic hiccups".
Latest version, around sssd-2.8+, should make it easier to track a specific
lookup across a set of logs.
>
> Spike
>
> On Thu, Jun 22, 2023 at 10:44 AM Alexey Tikhonov
> wrote:
>
>> Hi,
>>
>
Hi,
On Thu, Jun 22, 2023 at 4:47 PM Spike White wrote:
> All,
>
> Successful sssd consumer here.
>
> Have an app team running Hadoop. They're getting these performance errors
> in their app.
>
> This is from their app logs.
>
> ddlflhdm201.us.company.com
> WARN June 15, 2023 10:08 AM Groups
Hi,
On Fri, Mar 24, 2023 at 10:03 PM Pieter Voet wrote:
>
> Hi all,
>
> I have the same issue as was already reported here in 2016 :
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/message/3IQLPN4JLFQJDXN6G3HQH3SEZ2AGEEBE/
> however there was no reply given.
>
>
On Mon, Mar 20, 2023 at 8:37 PM Paul B. Henson wrote:
>
> On 3/20/2023 9:13 AM, Alexey Tikhonov wrote:
>
> > But probably SSSD should refuse to handle this kind of names
> > immediately, instead of cutting unallowed chars off and handling what
> > remains?
>
On Mon, Mar 20, 2023 at 6:29 PM Craig Martin
wrote:
>
> Thanks for your response.
>
> grep -i offline /var/log/sssd/sssd_AD.FINRCVGRP.COM.log
> finds nothing.
Is this with `debug_level = 9` in the domain section of sssd.conf?
Anyway, you need to set `debug_level = 9`, restart sssd truncating
Hi,
On Mon, Mar 20, 2023 at 6:05 PM Craig Martin
wrote:
>
> Hi,
>
> I have a problem I have been unable to solve and I'm at a loss. We use sssd
> on Debian 11 clients with active directory backend. We have 4 domain
> controllers running Windows Server 2022 in our environment. If any one of
that this change
> will work in all other cases as well.
>
>
> HTH
> Tomáš
>
>
> On Mon, Mar 20, 2023 at 12:11 PM Alexey Tikhonov wrote:
>>
>> Hi,
>>
>> On Sat, Mar 18, 2023 at 12:04 AM Paul B. Henson wrote:
>> >
>> > We are ru
Hi,
On Sat, Mar 18, 2023 at 12:04 AM Paul B. Henson wrote:
>
> We are running the latest RHEL 8.7 which includes sss version
> 2.7.3-4.el8_7.3 and noticed some odd behavior. sss seems to ignore
> leading @ characters when looking up a username. For example:
>
> # getent passwd '@cpp.a'
>
On Thu, Mar 16, 2023 at 9:07 AM Roman Annenko wrote:
>
> I succeeded with building 2.6.3 release.
> The offending feature which breaks building is "krb5 plugin idp" which comes
> in the next releases.
> The code in module src/krb5_plugin/idp/idp_clpreauth.h accesses the struct
> member
On Tue, Mar 14, 2023 at 10:05 PM Lukas Slebodnik wrote:
>
> On (14/03/23 17:19), Alexey Tikhonov wrote:
> >Hi,
> >
> >On Tue, Mar 14, 2023 at 2:26 PM Roman Annenko wrote:
> >
> >> Hi,
> >> I couldn't find any information about which OS
Hi,
On Tue, Mar 14, 2023 at 2:26 PM Roman Annenko wrote:
> Hi,
> I couldn't find any information about which OSes can run sssd 2.x package.
>
It's up to the downstream package maintainer of specific distributions.
> The only mention about "platform" I found in sssd-2.0.0 release notes:
>
On Thu, Feb 23, 2023 at 4:15 PM Patrick Riehecky wrote:
> On Thu, 2023-02-23 at 11:21 +0100, Alexey Tikhonov wrote:
> > From a practical point of view, for 'auth_provider=krb5' & local
> > users
> > case we now tend to recommend using 'id_provider = proxy' with li
On Wed, Feb 22, 2023 at 11:31 PM Prentice Bisbal wrote:
>
> On 2/22/23 4:14 PM, Patrick Riehecky wrote:
> > Is there a way to get results in `getent passwd` from a files domain
> > with enumerate=false?
> >
> > relevant domain snippet:
> > [domain/FNAL.GOV]
> > auth_provider=krb5
> >
On Fri, Jan 27, 2023 at 7:16 PM Prentice Bisbal wrote:
> On 1/25/23 4:40 PM, Alexey Tikhonov wrote:
>
>
>
> On Wed, Jan 25, 2023 at 5:34 PM Prentice Bisbal wrote:
>
>> (difficult to confirm without coredump/backtraces).
>>
>> Would a stack trace of automo
On Wed, Jan 25, 2023 at 10:40 PM Alexey Tikhonov
wrote:
>
>
> On Wed, Jan 25, 2023 at 5:34 PM Prentice Bisbal wrote:
>
>> (difficult to confirm without coredump/backtraces).
>>
>> Would a stack trace of automount or the sssd daemon be sufficient?
>>
>
On Wed, Jan 25, 2023 at 5:34 PM Prentice Bisbal wrote:
> (difficult to confirm without coredump/backtraces).
>
> Would a stack trace of automount or the sssd daemon be sufficient?
>
No, I meant backtrace from a coredump. Maybe `ltrace` can help also, but I
doubt `strace` is handy here.
>
> I
Hi,
might be https://github.com/SSSD/sssd/issues/6505 /
https://bugzilla.redhat.com/show_bug.cgi?id=2143159
(difficult to confirm without coredump/backtraces).
Should be fixed in C9S/9.2
(
Hi,
On Wed, Dec 21, 2022 at 10:55 AM Sumit Bose wrote:
>
> On Tue, Dec 20, 2022 at 07:14:42PM -0600, Sundar Vadivelu wrote:
> > Hi all,
> > I am working on a system which does TACACS+ authentication of users with
> > pam_tacplus and nss_tacplus libraries
> > nss_tacplus:
> >> group: files compat systemd sss
> >> and still had the same problem.
> >> id_provider=ipa
> >> Yes Ubuntu.
> >> sssd 2.2.3-3ubuntu0.9
> >> This same named user that was created local is also in our IPA server
> but want this local accoun
Hi,
On Tue, Nov 29, 2022 at 8:54 PM Jim Burwell wrote:
> On 11/29/22 01:00, Alexey Tikhonov wrote:
>
> Hi,
>
>
> On Tue, Nov 29, 2022 at 2:54 AM Jim Burwell wrote:
>
>> Hi,
>>
>> On a CentOS 7 system bound to an AD domain,
>
>
> Single AD dom
s also in our IPA server but
> want this local account and settings on this machine to override that.
>
> -Kevin
>
> On Nov 29, 2022, at 3:03 AM, Alexey Tikhonov wrote:
>
>
> Hi,
>
> On Tue, Nov 29, 2022 at 1:10 AM Kevin Vasko wrote:
>
>> We have a
Hi,
On Tue, Nov 29, 2022 at 1:10 AM Kevin Vasko wrote:
> We have a local user that has an entry in sudoers for a “NOPASSWD”.
>
> In /etc/nsswitch.conf we have:
>
> sudoers: files sss
>
What is in 'passwd:' and 'group:'?
Do you use 'id_provider=files' in 'sssd.conf'?
>
> For some reason sssd
Hi,
On Tue, Nov 29, 2022 at 2:54 AM Jim Burwell wrote:
> Hi,
>
> On a CentOS 7 system bound to an AD domain,
Single AD domain or multiple/trusted?
> running sssd 1.16.5-10.el7.
>
Latest should be sssd-1.16.5-10.el7_9.13
>
> Some groups are not showing up in a users list of groups.
>
>
Hi,
> (2022-07-21 7:11:14): [sssd] [svc_child_info] (0x0020): Child [984]
('abba.xx.priv.yy':'%BE_abba.xx.priv.yy') was terminated by own WATCHDOG
-- this means corresponding process - `sssd_be --domain abba.xx.priv.yy`
in this case - was blocked too long on 'something' (longer than 3*timeout
Hi Sergio,
`grep passwd /etc/nsswitch.conf`?
On Fri, Jul 15, 2022 at 4:27 PM Stephen Gallagher
wrote:
> A better place for this question is the sssd-users list (which I've just
> CCed).
>
> On Fri, Jul 15, 2022 at 7:24 AM Sergio Belkin wrote:
> >
> > Hi, I've configured sssd to use session
Hi,
On Thu, Jul 7, 2022 at 12:14 PM Fisher, Philip wrote:
> Hi SSSD experts
>
> I have tried examining various documentation and man pages but I am unable
> to determine the answer. Specifically, for security reasons, we require
> user on our Linux servers to login via AD credentials only
On Thu, Jun 23, 2022 at 3:19 PM Fisher, Philip wrote:
> Hello SSSD people
>
> Is there a way to run (on RHEL 8 specifically) a command or query
> information so that a logged in (authorised) user can see the GPOs that are
> active for the session? I have tried Mr. Goggle without success.
>
I
Hi,
On Tue, Jun 7, 2022 at 5:41 PM Mark Christian wrote:
> I'm wondering what configuration options I should be tweaking to
> improve id to name resolution when running commands such as ls -l, and
>
Is this a Win/Samba share (i.e. does this operation include SIDs
resolution)?
> id? My sssd
On Wed, Apr 13, 2022 at 2:56 AM lingyuan zhu wrote:
> Hi,
> Thank you for replying to my question. There are some other
> problems, please help me.
> (1)When is SSSD 2.7.0 released?
>
There is no set schedule / no promises, but hopefully this month.
> (2)What is the installing requirements?
Hi,
this is https://github.com/SSSD/sssd/issues/4138
Fixed via https://github.com/SSSD/sssd/pull/6039
Fix will be released in SSSD 2.7.0
On Tue, Apr 12, 2022 at 9:58 AM lingyuan zhu wrote:
> 1. SSSD version:
> sssd-common-1.16.5-10.el7_9.12.x86_64
> sssd-ldap-1.16.5-10.el7_9.12.x86_64
>
On Thu, Mar 17, 2022 at 12:27 AM James Ralston wrote:
>
> On Wed, Mar 16, 2022 at 6:04 AM Alexey Tikhonov wrote:
>
> > How would you use SSSD without any domain configured?
>
> I have a host on which I kinit against principals in Kerberos realms
> for which the ho
On Wed, Mar 16, 2022 at 11:39 AM Brian J. Murrell
wrote:
> > Hi,
>
> Hi.
>
> > What OS are you running on your system?
>
> EL8.5
>
Did you tune any default selinux policies?
>
>
> > What is the output of `cat /etc/nsswitch.conf | grep passwd` on your
> > system?
>
> passwd: sss files systemd
>
Hi,
On Wed, Mar 16, 2022 at 5:17 AM James Ralston wrote:
> For recent versions of sssd, the monitor (the sssd.service) won’t even
> start unless at least one domain is configured.
>
> As sssd.conf(5) notes, all sssd services can be socket-activated when
> needed. There is no need to list any
Hi,
What OS are you running on your system?
What is the output of `cat /etc/nsswitch.conf | grep passwd` on your system?
Do you use SSSD on purpose?
On Tue, Mar 15, 2022 at 7:45 PM Brian J. Murrell
wrote:
> I am getting some SELinux AVC alerts for a given process in a given domain
> that seems
Hi,
On Thu, Feb 3, 2022 at 12:19 AM Bill Conn wrote:
>
> I'm working on a university's research cluster with nodes that all run
> CentOS7 and are joined to the school's Active Directory domain. Our domain
> is part of a statewide forest that contains every state university, and we
> have
# ding-libs 0.6.2
The SSSD team announces a minor maintenance update of ding-libs - version 0.6.2
The tarball can be downloaded from:
https://github.com/SSSD/ding-libs/releases/tag/0.6.2
Tickets fixed:
- https://pagure.io/SSSD/ding-libs/issue/3182
- https://github.com/SSSD/ding-libs/issues/5
```
* (2022-01-24 16:11:50): [be[ipa.test]] [child_handler_setup] (0x2000):
[RID#171] Signal handler set up for pid []
* (2022-01-24 16:11:50): [be[ipa.test]] [write_pipe_handler] (0x0400):
[RID#171] All data has been sent!
* (2022-01-24 16:11:56): [be[ipa.test]] [krb5_auth_done]
```
Hello,
aforementioned migration of the 'ding-libs' project to Github was completed:
now the only used location is https://github.com/SSSD/ding-libs
On Tue, Nov 9, 2021 at 8:56 PM Alexey Tikhonov wrote:
>
> Hello,
>
> as a follow up to the complete SSSD migration to github [1],
(with this new sssd version).
>
> In other AD domains (like AMER), consistently all servers with this new
> sssd version do discover all AD domains. So servers in AMER discover all
> expected domains.
>
> Spike
>
>
>
> On Tue, Jan 18, 2022 at 12:11 PM Alexey Tikhonov
> w
On Tue, Jan 18, 2022 at 5:52 PM Spike White wrote:
> sssd experts,
>
> This sssd version (released Tue 23 Nov 2021) is under-discovering AD
> domains.
>
> A similar sssd bug occurred last July, where sssd over-discovered AD
> domains (AD domains for which there was not a legal trust relationship
On Tue, Jan 4, 2022 at 7:53 PM Stefan Kania wrote:
>
>
> On 03.01.22 at 15:51, Alexey Tikhonov wrote:
> > Please feel free to file a ticket.
> Where can I do that :-)
>
https://github.com/SSSD/sssd/issues
>
>
>
>
Hi,
On Thu, Dec 30, 2021 at 5:26 PM Stefan Kania wrote:
> Hi to all,
>
> a few years ago I asked for help for using dynamic groups in OpenLDAP
> together with sssd to change the search filter:
>
>
>
2" tag label in release
at GitHub, you can see:
- "This tag was signed with the committer’s verified signature."
- GPG key ID: 8D7326351A726211 -- this is the same key ID as you see in
(updated) sssd-2.6.2.tar.gz.asc (compare last 16 chars)
So, if I understand correctly, at
ts/master
> Aram
> On 12/23/2021 2:07 PM, Alexey Tikhonov wrote:
>
> Hello,
>
> (sorry if my comments turn out to be irrelevant)
>
> On Fri, Dec 17, 2021 at 8:35 AM Aram Akhavan wrote:
>
>> Hi all,
>>
>> I'm new to sssd and am working on deplo
Hello,
(sorry if my comments turn out to be irrelevant)
On Fri, Dec 17, 2021 at 8:35 AM Aram Akhavan wrote:
> Hi all,
>
> I'm new to sssd and am working on deploying it in my homelab on a test VM.
>
> So far, I've successfully joined my host to my very basic/vanilla Active
> Directory domain
# SSSD 2.6.2
The SSSD team is proud to announce the release of version 2.6.2 of the
System Security Services Daemon. The tarball can be downloaded from:
https://github.com/SSSD/sssd/releases/tag/2.6.2
See the full release notes at:
https://sssd.io/release-notes/sssd-2.6.2.html
##
On Sun, Dec 5, 2021 at 1:29 AM Ned Wilson wrote:
> In our organization, we have an Active Directory domain, and a CentOS IdM
> subdomain at a remote site that has a two-way trust relationship with the
> master ID domain. Since this remote site is using a less-than-reliable
> internet connection,
Hi,
what exactly do you want to achieve?
Do you want to rebuild binary rpm?
On Wed, Dec 8, 2021 at 3:34 PM Spike White wrote:
> All,
>
> I have reviewed:
>
> https://github.com/SSSD/sssd
> https://sssd.io/
>
>
> And most especially:
>
> https://sssd.io/contrib/building-sssd.html
>
>
> In an
On Tue, Nov 30, 2021 at 12:43 PM Harald 11 wrote:
>
> I set up this:
>
> [sssd]
> config_file_version = 2
> domains = DOMAIN.NET
>
> [domain/DOMAIN.NET]
> id_provider = ad
> access_provider = ad
> sudo_provider = none
>
> fallback_homedir = /home/%u
> default_shell = /bin/bash
> skel_dir =
On Thu, Nov 25, 2021 at 5:17 PM Spike White wrote:
> Harald,
>
> I was hoping someone smarter than me would respond; someone who knew the
> answer. But no one else did, so let me take a crack at it. I know the
> problems and I know the possible approaches to the solution, but I do not
> know
On Wed, Nov 10, 2021 at 5:29 PM Leon Castellano
wrote:
>
> Hello Users,
>
> I'm hoping with your ample expertise you may be able to help me figure out
> how to fix the issue I'm running into.
>
> A bit of background for context: I'm a sysadmin with NASA out of GSFC where
> we manage many legacy
Hello,
as a follow up to the complete SSSD migration to github [1], we
decided to continue with the consolidation effort and to make the same
step with the 'ding-libs' project that currently uses both Pagure [2]
and Github [3].
This is only a heads up. Precise date isn't set yet.
But as a first
On Mon, Oct 18, 2021 at 1:27 PM Robert Wagensveld
wrote:
> Is this a hard question?
>
It is an unclear question.
What the actual problem is and why do you need enumeration to be enabled?
___
sssd-users mailing list --
On Mon, Oct 18, 2021 at 1:31 PM Aitor Pazos wrote:
>
> Thanks for your reply!
>
> Not yet, as we use LDAPs, didn't want to go into that rabbit-hole of working
> around certs config for traffic snooping if there was some more obvious
> reason I am not aware of.
You could start without decoding
On Fri, Oct 15, 2021 at 3:54 PM Aitor Pazos wrote:
> Hi all,
> Let me introduce the symptoms that triggered this investigation.
> First, versions:
> - OS: Ubuntu 20.04
> - SSSD: 2.2.3-3ubuntu0.7
> - Platform: x86_64
>
> Some weeks after starting using a new region/provider we noticed some
>
On Tue, Aug 31, 2021 at 6:47 PM Spike White wrote:
> All,
>
> OK we have a query we run in AD for machine account passwords for a
> certain age. In today's run, 31 - 32 days. Then we verify it's pingable.
>
> We have found one such suspicious candidate today (two actually, but
> the other
On Tue, Jul 27, 2021 at 5:49 PM James Ralston wrote:
>
> If you cannot put certificates into the userCertificate field in AD,
> the only work-around is to upgrade to sssd 2.1.0 or later.
>
> (We briefly considered doing that on RHEL7, but quickly abandoned it
> due to the effort involved.)
On Tue, Jul 27, 2021 at 7:02 AM Assaf Morami wrote:
> Yeah the username is in the SAN field inside the UPM.
>
So you could match and map by SAN field?
On Mon, Jul 26, 2021 at 10:43 AM Assaf Morami
wrote:
> Hi James, thanks for the swift response.
>
> Is it possible to turn off certificate matching against AD, and just use
> the username while taking the certificate directly from the smart card?
>
But matching by username is still matching.
On Mon, Jul 19, 2021 at 2:34 PM Steve Traylen
wrote:
>
> sssd-2.5.1-2.el8
>
> With a files domain and an ldap domain in simplified form below then all
> works well for me and passwd files are checked and win
> before ldap entries.
>
> However as soon as `default_domain_suffix = mydomain.ch` is
On Thu, May 6, 2021 at 2:56 PM Paweł Szafer wrote:
>
> Hello,
>
> Today morning I had a bad surprise. Suddenly I cannot login anymore to my PC.
> My OS is Arch based, with SSSD 2.4.2, updated yesterday (it was working after
> update, last login occurred around 7pm 05.05.2021, today 7am
On Tue, Apr 6, 2021 at 1:51 PM Sam Morris wrote:
> Thanks Pawel, I'll mail the extra logs to you.
>
I think you spotted the reason correctly.
On Fri, Apr 2, 2021 at 4:19 PM Sam Morris wrote:
> Looking into responder_common.c, the function client_recv logs "Invalid
> data from client, closing connection" if sss_packet_recv returned EINVAL.
>
> Looking into sss_packet_recv, EINVAL is returned if the packet is too
> large.
>
> Decoding
On Wed, Mar 31, 2021 at 9:58 AM Alexey Tikhonov wrote:
>
> On Wed, Mar 31, 2021 at 9:38 AM Calvin Chiang wrote:
> >
> > Ex-windows admin wrapping my head around PAM/SSSD has been quite tough!
> >
> > I have successfully managed to get pam_sss working with
> >
On Wed, Mar 31, 2021 at 9:38 AM Calvin Chiang wrote:
>
> Ex-windows admin wrapping my head around PAM/SSSD has been quite tough!
>
> I have successfully managed to get pam_sss working with
>
> login for specific application rstudio server (/etc/pam.d/rstudio)
> containerized ubuntu
> ldap/krb5
Hi,
there is very similar thread on this list - "p11_child doesn't use 2nd slot
if 1st slot is empy"
Can it happen your setup is similar, i.e. 1st removable slot on your reader
is seen as empty?
On Tue, Mar 16, 2021 at 5:21 PM Rudi Dayan wrote:
> Hi,
>
> Thanks for your response!
> Yes, It
1 - 100 of 128 matches