n
>
> On Wed, Nov 09, 2016 at 02:45:56PM +, Longina Przybyszewska wrote:
> > Hi again,
> > I still hang on that problem.
> > Client and server are configured in AD trust realm environment.
> > Client and server are joind to a.c.domain; User is from n.c.domain.
&g
gh?
Best
Longina
> -Oprindelig meddelelse-
> Fra: Lukas Slebodnik [mailto:lsleb...@redhat.com]
> Sendt: 21. november 2016 10:11
> Til: End-user discussions about the System Security Services Daemon
> Emne: [SSSD-users] Re: sssd-13.4 can't login
>
> On (21/11/16
er 2016 09:25
> Til: sssd-users@lists.fedorahosted.org
> Emne: [SSSD-users] Re: sssd-13.4 can't login
>
> On Wed, Nov 09, 2016 at 02:45:56PM +, Longina Przybyszewska wrote:
> > Hi again,
> > I still hang on that problem.
> > Client and server are configured in
:
[-1765328243][Can't find client principal longina@N.C.DOMAIN in cache
collection]=
The krb5_child.log is attached.
Any ideas for solving this problem?
Best,
Longina
Fra: Longina Przybyszewska [mailto:long...@sdu.dk]
Sendt: 26. oktober 2016 11:36
Til: End-user discussions about the System Secu
Hi,
Can you help me with a problem I struggle quite a time, that appeared after
upgrade to sssd-13.4 (Ubuntu Xenial):
User can not login;
Home directory (nfs) secured with Kerberos, is mounted, with proper idmapping,
but user is refused to login to the desktop (lightdm).
Ssh login is possible, bu
If you are in trusty cross realm, you ask for TGT your domain's DC ;
This TGT should be enough to get rights for all other domains (DC controllers
"talk" to each other and do that automagically for you)
Best,
Longina
> -Oprindelig meddelelse-
> Fra: Sumit Bose [mailto:sb...@redhat.com]
need for
discovering?
Best,
Longina
> -Oprindelig meddelelse-
> Fra: Petr Spacek [mailto:pspa...@redhat.com]
> Sendt: 4. august 2016 11:08
> Til: sssd-users@lists.fedorahosted.org
> Emne: [SSSD-users] Re: dyndns updates in sssd-13.4
>
> On 3.8.2016 10:18, Longin
Hi,
I am testing the new NFS-server with Kerberos ,and interaction with Nfs-client,
all based on Ubuntu-16.04 and sssd-13.4.
I have got a systematic "Permission denied" for owner accessing home directory
, mounted on Nfs-client, with right permissions and right nfsidmapping.
In the syslog on t
t; To: sssd-users@lists.fedorahosted.org
> Subject: [SSSD-users] Re: nfsidmap with 'sss'method
>
> On Wed, Jul 27, 2016 at 01:46:31PM +, Longina Przybyszewska wrote:
> > Hi,
> > I upgraded to sssd-13.4 (kernel 4.4.0-31-generic #50-Ubuntu) -.
> >
> > After upg
essage-
> From: Petr Spacek [mailto:pspa...@redhat.com]
> Sent: 27. juli 2016 16:11
> To: sssd-users@lists.fedorahosted.org
> Subject: [SSSD-users] Re: dyndns updates in sssd-13.4
>
> On 27.7.2016 14:54, Longina Przybyszewska wrote:
> > Hi ,
> > After upgrade to
Hi,
I upgraded to sssd-13.4 (kernel 4.4.0-31-generic #50-Ubuntu) -.
After upgrade I have problems with nfs4+Kerberos idmaping, using krb localauth
snippet and choosing 'sss' method in /etc/idmap.conf;
I get (igen!) famous nobody mapping for cross realm users;
Mapping of groups is correct, as
Hi ,
After upgrade to sssd-13.4, dyndns updates don't work in AD cross realm
environment
Our DNS server is :
-not on the identity server (exactly, not on the default DC for the domain)
-DNS server and reverse DNS server are different machines
It worked in previous release (also, DNS updates only
The next LTS - Xenial has already sssd-13.3
Longina
> -Oprindelig meddelelse-
> Fra: Henry McLaughlin [mailto:mche...@fedoraproject.org]
> Sendt: 20. januar 2016 10:51
> Til: sssd-users@lists.fedorahosted.org
> Emne: [SSSD-users] Re: sssd net rpc rights SeDiskOperatorPrivilege
>
> My di
> -Oprindelig meddelelse-
> Fra: Jakub Hrozek [mailto:jhro...@redhat.com]
> Sendt: 19. januar 2016 21:56
> Til: sssd-users@lists.fedorahosted.org
> Emne: [SSSD-users] Re: User_attribute option
>
> On Tue, Jan 19, 2016 at 11:28:05AM +, Longina Przybyszewska wrote
Hi,
I would like to retrieve additional attribute from user object in AD ,
'homeDirectory', which contains string pointing to
windows share path on a samba server .
The option 'user_attribute' allows that setup in [nss] section together with '
ifp' service.
[sssd]
services = ..,nss,ifp
[nss]
use
.include.d
###
use_fully_qualified_names = true
ldap_id_mapping = false
ldap_use_tokengroup = false
ad_gpo_access_control = disabled
best,
Longina
> -Oprindelig meddelelse-
> Fra: Longina Przybyszewska [mailto:long...@sdu.dk]
> Sendt: 11. januar 2016 16:25
> Til: End-user discussio
###
use_fully_qualified_names = true
ldap_id_mapping = false
ldap_use_tokengroup = false
ad_gpo_access_control = disabled
best,
Longina
> >
> > On Wed, Jan 06, 2016 at 01:11:50PM +0000, Longina Przybyszewska wrote:
> > >
> > > Thank you for the answers.
>
23), Sumit Bose wrote:
> >On Wed, Jan 06, 2016 at 01:11:50PM +, Longina Przybyszewska wrote:
> >>
> >> Thank you for the answers.
> >> There are still some issues:
> >>
> >>
> >> > > 2.
> >> > > I tried login with se
6 at 01:11:50PM +, Longina Przybyszewska wrote:
> >
> > Thank you for the answers.
> > There are still some issues:
> >
> >
> > > > 2.
> > > > I tried login with setup for UPN/sAMAccountName login- without
> success.
> > > > Is lo
Thank you for the answers.
There are still some issues:
> > 2.
> > I tried login with setup for UPN/sAMAccountName login- without success.
> > Is login with cross realm's UPN or short sAMAccoutName supported in this
> sssd version?
> >
> > In database for default domain cache_a.c.realm.db use
Hi,
I did some testing of sssd-13.2 version in Ubuntu-16.04 (ldap_idmapping =
false)
Login with fqdn in cross realm and Kerberos NFS automount seems to work almost
out-of-the-box.
This is great.
I have still some questions:
In my setup, I have configured only for one domain - the domain where
Hi,
For me configuring idmapd in cross realm with SSSD and NFSv4 is challenging;
Idmapd.conf manual says: An NFSv4 domain is a namespace with a unique
uid<->username, gid<->usergroupname;
Domain defaults to machine's domainname.
Using Method = nsswitch, I expect that idmapd request to ss
Til: sssd-users@lists.fedorahosted.org
> Emne: Re: [SSSD-users] 12.5 problems
>
> On Thu, Oct 08, 2015 at 08:03:43PM +0000, Longina Przybyszewska wrote:
> > > If that's the case, we need logs..
> >
> > Which logs would you like to see - and what debugging
Sorry for answering so late - needed some vacation :)
Here problem still stays open...
> On Wed, Sep 09, 2015 at 08:52:00PM +0000, Longina Przybyszewska wrote:
> > Hi,
> > We have a problem after upgrade from 11.7 to 12.5 version Identity
> > lookups periodically change fro
Hi,
We have a problem after upgrade from 11.7 to 12.5 version
Identity lookups periodically change from short name to fully qualified name
for users from trust domains.
In turn, users get lockout of files, or can not login because nfsidmap setup
can't figure out id mapping.
This setup worked in
Hi,
Do capital letters matter for domain names in sssd.conf in cross-realm AD +
SSSD environment? ?
[domain/DOMAIN.NAME] <-> [domain/domain.name]
Best
Longina
___
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org
> > On Thu, Aug 13, 2015 at 04:32:12PM +, Longina Przybyszewska wrote:
> > > Hi,
> > > I have an issue with SSSD-1.12.5 with resolving group membership.
> > > Only Posix primary group is displayed for users accounts.
> > >
> > > Group is v
d group membership problem
>
> On Thu, Aug 13, 2015 at 04:32:12PM +0000, Longina Przybyszewska wrote:
> > Hi,
> > I have an issue with SSSD-1.12.5 with resolving group membership.
> > Only Posix primary group is displayed for users accounts.
> >
> > Group is visibl
Hi,
I have an issue with SSSD-1.12.5 with resolving group membership.
Only Posix primary group is displayed for users accounts.
Group is visible on the system but not displayed from 'id' or 'groups' commands.
getent group 3005
data-adm-lnx-nfs0a-rw-id-1:*:3005:
getent group data-ad
s with sssd-1.12.5 problem!!
>
> On Thu, Jul 30, 2015 at 02:38:11PM +, Longina Przybyszewska wrote:
> > I have Ubuntu -LTS with kernel 3.13.0-61 Sssd 1.12.5
> >
> > I am preparing production setup based on Ubuntu; gss-proxy looks a bit
> adventures for production.
> &
users] ssh passwordless with sssd-1.12.5 problem!!
>
> On 07/30/2015 08:58 AM, Longina Przybyszewska wrote:
> > Hi again,
> > After implementing the recommended change my setup seemed to work
> fine with passwordless SSH and kerberized NFS4.
> >
> > Unexpecte
gt; boun...@lists.fedorahosted.org] På vegne af Longina Przybyszewska
> Sendt: 14. juli 2015 17:08
> Til: 'End-user discussions about the System Security Services Daemon'
> Emne: Re: [SSSD-users] ssh passwordless with sssd-1.12.5
>
> Hi again,
> Thanks - it seems to work!
d-1.12.5
>
> On Fri, Jul 10, 2015 at 04:50:39PM +, Longina Przybyszewska wrote:
> > Hi,
> > .k5login doesn't help . Homedir is mounted with sec=krb5 and not
> > accessible on ssh server side Until get validated krb principal
> > credentials -
> which see
> Emne: Re: [SSSD-users] ssh passwordless with sssd-1.12.5
>
> On Fri, Jul 10, 2015 at 04:50:39PM +, Longina Przybyszewska wrote:
> > Hi,
> > .k5login doesn't help . Homedir is mounted with sec=krb5 and not
> > accessible on ssh server side Until get v
ailto:sssd-users-
> boun...@lists.fedorahosted.org] På vegne af Sumit Bose
> Sendt: 10. juli 2015 10:22
> Til: End-user discussions about the System Security Services Daemon
> Emne: Re: [SSSD-users] ssh passwordless with sssd-1.12.5
>
> On Thu, Jul 09, 2015 at 04:06:05PM +, L
2015 10:22
> Til: End-user discussions about the System Security Services Daemon
> Emne: Re: [SSSD-users] ssh passwordless with sssd-1.12.5
>
> On Thu, Jul 09, 2015 at 04:06:05PM +, Longina Przybyszewska wrote:
> > Hi,
> > I have SSSD setup with AD as auth/id provider in
Hi,
I have SSSD setup with AD as auth/id provider in multi domain trust realm,
and POSIX attributes in AD for users.
With this setup users can use short names (short names match sSAMaccount
name in AD user object)) for login and get access to
their homedir ,NFS mounted with Kerberos securit
Hi,
We have a problem with the way SSSD tries to find out where to send DDNS
updates. The problem is that SSSD doesn't use DNS to find the authoritative
name server for a given zone, but assume that it must be the Active Directory
Domain Controller to which it is connected.
In our case this is
>
> On (23/01/15 14:33), Longina Przybyszewska wrote:
> >
> >> On (21/01/15 12:26), Longina Przybyszewska wrote:
> >> >Hi,
> >> >Is it possible to configure SSSD to make possible to login with
> >> >short names
> >> across tru
> On (21/01/15 12:26), Longina Przybyszewska wrote:
> >Hi,
> >Is it possible to configure SSSD to make possible to login with short names
> across trusty domains?
> >The sAMAccount name attribute in AD are unique, and all users have Posix
> attributes assigned s
> 2015-01-23 11:26 GMT+01:00 Longina Przybyszewska :
> >> > Maybe you should use the uPNSuffix from domain c.example.org for
> >> > your user accounts in domains a.c and a.b? Or add a valid one;
> >> > http://support2.microsoft.com/kb/243629. Is it possible
> > Maybe you should use the uPNSuffix from domain c.example.org for your
> > user accounts in domains a.c and a.b? Or add a valid one;
> > http://support2.microsoft.com/kb/243629. Is it possible to use that
> > uPNSuffix as default in SSSD?
>
> Yes, since 1.12
>
> Prior to that, you could use ei
> > > Only using the default_domain_suffix option, but then you need to
>> > > qualify the primary domain IIRC..
> >
> > You mean,, I have to have on all machines default-domain_suffix =
> > c.example.org.
>
> Yes.
> > I am not sure that I understand the "qualify the primary domain IIRC"del.
-users] login with shortname in AD cross realm
>
> On Wed, Jan 21, 2015 at 01:07:00PM +0000, Longina Przybyszewska wrote:
> >
> > > -Original Message-
> > > From: sssd-users-boun...@lists.fedorahosted.org [mailto:sssd-users-
> > > boun...@lists.fedorahos
in AD cross realm
>
> On Wed, Jan 21, 2015 at 12:26:33PM +0000, Longina Przybyszewska wrote:
> > Hi,
> > Is it possible to configure SSSD to make possible to login with short
> > names
> across trusty domains?
> > The sAMAccount name attribute in AD are unique
Hi,
Is it possible to configure SSSD to make possible to login with short names
across trusty domains?
The sAMAccount name attribute in AD are unique, and all users have Posix
attributes assigned so there is no risk for name mismatch between different
domains.
I use ad provider and all def
Hodrien
Sent: 20. januar 2015 11:41
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] idmaping, AD multi domain forest
On 20 Jan 2015 10:28, Longina Przybyszewska
mailto:long...@sdu.dk>> wrote:
>
> Thanks for your answer-you sound very scepti
> boun...@lists.fedorahosted.org] On Behalf Of Jakub Hrozek
> Sent: 19. januar 2015 21:51
> To: sssd-users@lists.fedorahosted.org
> Subject: Re: [SSSD-users] idmaping, nfs4krb, AD multi domain forest
>
> On Fri, Jan 16, 2015 at 02:34:19PM +0000, Longina Przybyszewska wrote:
Hi,
We have problems with authorization to the nfs mounted share with sec=krb5 in
multi domain AD forest environment.
When server, client and user are from the same native domain, user’s
login,nfs+krb mount and access to nfs mounted share works fine.
ser...@nat.c.example.com
cli...@nat.c.examp
...@lists.fedorahosted.org [mailto:sssd-users-
> boun...@lists.fedorahosted.org] On Behalf Of steve
> Sent: 26. november 2014 21:45
> To: sssd-users@lists.fedorahosted.org
> Subject: Re: [SSSD-users] SSSD-AD: SamAccountName 20 character limit -
> What does SSSD do with longer host names?
>
John Hodrien wrote:
>>> On Wed, 26 Nov 2014, Longina Przybyszewska wrote:
>>>
>>> You have to be careful if you use as me, SSSD and NFS4+krb ;
>>> NFS doesn’t agree on connection with sec=krb5 if hostname doesn't
>>> match the hostname
>>
You have to be careful if you use as me, SSSD and NFS4+krb ;
NFS doesn’t agree on connection with sec=krb5 if hostname doesn't match the
hostname
in keytab file.
Best,
Longina
> -Original Message-
> From: sssd-users-boun...@lists.fedorahosted.org [mailto:sssd-users-
> boun...@lists.fe
@lists.fedorahosted.org
Subject: Re: [SSSD-users] FW: NFS+KERB+SSSD Ubuntu 14.04
On Mon, 2014-08-11 at 16:26 +, Longina Przybyszewska wrote:
> yeah, am getting blind, and got square eyes
Here is our nfs4 setup, also against AD:
http://linuxcostablanca.blogspot.com.es/p/samba-4.html
There are lots
yeah, am getting blind, and got square eyes...sanitizing output.
My hosts _are_ in the same domain.
L.
___
From: sssd-users-boun...@lists.fedorahosted.org
[sssd-users-boun...@lists.fedorahosted.org] on behalf of Longina Przybyszewska
[long...@sdu.dk]
Sent
>I fail to see how SSSD can be to blame for any of this, as the mount has
>nothing to do with mapping users.
I don't blame SSSD either ;)
The only context to SSSD could be - joining computers to AD - as I joined
both computers with 'realmd' method recommended by SSSD team.
The Kerberos key
> No, not that simple ;( - sorry for typing fail.
What, 'typing fail'?
...when editing debugging output for posting to mailinglist
>
> Mount command:
> mount -t nfs4 -o rw,sec=krb5 jota.nat.c.example.com:/nfs /nfs
Your server is not in that domain.
___
w,crossmnt,no_subtree_check,sec=krb5)
I can't see there is a 'user' option for nfs mount.
Best
Longina
-Original Message-
From: sssd-users-boun...@lists.fedorahosted.org
[mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Longina
Przybyszewska
Sent: 10. augus
>
> I expect to be able to mount NFS share with sec=krb5 as root on client
> using machine credentials.
What mount command are you using?
mount.nfs4 -o rw,sec=krb5 jota.nat.c.example.com:/nfs /nfs
or entry in /etc/fstab: (mount on boot, or with 'mountall' as root)
jota.nat.c.sdu.dk:/nfs /nf
Hi,
I really struggle with "permission denied" while mounting NFS share with
sec=krb5;
Both machines(Ubuntu 14.04) , NFS client and server are configured with SSSD,
and authentication seems to work (only one test user for configuration with
PoSIX ids ;)
'getent passwd longina' returns correct
Check if your ssh client is configured with
GSSAPIAuthentikation=yes
(in /etc/ssh/ssh_config)
This is default in Ubuntu – you don’t write about your client
Best,
Longina
From: sssd-users-boun...@lists.fedorahosted.org
[mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Johannes
Ramm
> > > > > > >
> Yes, but the local DNS server can just point to the right servers in
> its configuration, in other words redirect to the AD DC. So SRV
> records realmd uses would still be valid, but the address of the
> resolver in resolv.conf wouldn't be usable for dyndns purposes.
>
> > Your
]
On Wed, 2014-06-25 at 11:54 +, Longina Przybyszewska wrote:
> > How SSSD resolves domainname for machine for supplying to nsupdate record?
>
> sssd doesn't do anything. nsupdate sends the dns update calls to
> whatever you have put in /etc/resolv.conf
>
> T
> How SSSD resolves domainname for machine for supplying to nsupdate record?
sssd doesn't do anything. nsupdate sends the dns update calls to whatever you
have put in /etc/resolv.conf
This is not true in my case:
/etc/resolv.conf:
# Dynamic resolv.conf(5) file for glibc resolver(3) generat
I work with sssd & ubuntu & AD trust.
If you don't have to stack for some reason to Ubuntu Lucid distribution -
upgrade today to 14.04 LTS (with sssd-1.11.5 )
Best,
Longina
-Original Message-
From: sssd-users-boun...@lists.fedorahosted.org
[mailto:sssd-users-boun...@lists.fedorahost
With correct domain ;)...
>By default, we contact the server we establish the LDAP connection with. I’m
>sorry, I got a bit lost in the thread — what was >the difference between the
>right server and the wrong server in your setup.
In our case, DNS server is not LDAP - it is separate win DNS s
>By default, we contact the server we establish the LDAP connection with. I’m
>sorry, I got a bit lost in the thread — what was >the difference between the
>right server and the wrong server in your setup.
In our case, DNS server is not LDAP - it is separate win DNS serer.
There is also split
It seems to work - !"#¤%&!
Combination of
-/etc/krb5.conf (though used realm for AD join)
- /etc/resolv.conf ( with the right dns sserver = tweak
/etc/dhcpd/dhclient.conf + /etc/NetworkManager.conf)
-/etc/hostname (fqdn)
-/etc/hosts (off with 127.0.1.1 fqdn shortname --> 127.0.0.1 fqdn shortnam
failure on Ubuntu 14.04[SOLVED]
On Mon, 2014-06-23 at 13:52 +, Longina Przybyszewska wrote:
> /etc/resolv.conf is overwritten af:
> root@skywalker:/home-local/longinap# cat /etc/resolv.conf # Dynamic
> resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
> # DO N
If you used realmd you probably don't have the krb5 stuff installed. You could
try:
[libdefaults]
default_realm = NAT.DOMAIN.ORG
dns_lookup_realm = false
dns_lookup_kdc = true
BUT, all you really need is the IP of a dns server in the domain. The one the
windows clients u
d.org
[mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Longina
Przybyszewska
Sent: 23. juni 2014 13:45
To: 'End-user discussions about the System Security Services Daemon'
Subject: Re: [SSSD-users] 1.11.5 ddns failure on Ubuntu 14.04[SOLVED]
My AD-admin affirms that the pro
014-06-23 at 09:09 +, Longina Przybyszewska wrote:
> Ok.
> 2 cases:
>
> 1. The first server is the server chosen automatically by service discovery
> - obviously doesn't answer.
Hi
Narrow it down. Set the primary dns on your client to be a dns server
which you know for
inal Message-
From: sssd-users-boun...@lists.fedorahosted.org
[mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of steve
Sent: 22. juni 2014 16:50
To: sssd-users@lists.fedorahosted.org
Subject: Re: [SSSD-users] 1.11.5 ddns failure on Ubuntu 14.04[SOLVED]
On Sun, 2014-06-22 at 14:30 +
@lists.fedorahosted.org
Subject: Re: [SSSD-users] 1.11.5 ddns failure on Ubuntu 14.04[SOLVED] (fwd)
On Fri, 2014-06-20 at 07:37 +, Longina Przybyszewska wrote:
>
> The same happened to the keytab file. Here the right one, corresponding to
> the log file.
>2 05/19/2014 10:36:
Your keytab has DOMAIN.ORG as the realm.
The same happened to the keytab file. Here the right one, corresponding to the
log file. Sorry.
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
--- --
2 0
Your keytab has DOMAIN.ORG as the realm.
Your log has NAT.DOMAIN.ORG
And your sssd.conf has:
NAT.C.SDU.DK
What is the realtionship between the realms?
Sorry , I send the wrong file - this is the right one, corresponding to the log
file:
cat /etc/sssd/sssd.conf
[nss]
debug_level = 9
filte
Log file d7 as attachment.
root@skywalker:/tmp# cat /etc/sssd/sssd.conf
[nss]
debug_level = 9
filter_groups = root
filter_users =
root,lightdm,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd
[sssd]
debug_level = 6
domains =nat.c.sdu.dk
config_file_version = 2
services =
-06-19 at 10:27 +, Longina Przybyszewska wrote:
> I hit the same problem "ddns failure" with desktop client Ubuntu 14.04.
>
> Following discussion, my setup seems to be correct, but host record
> disappeared from DNS and can't be updated.
> After joining with '
I hit the same problem "ddns failure" with desktop client Ubuntu 14.04.
Following discussion, my setup seems to be correct, but host record disappeared
from DNS and can't be updated.
After joining with 'realm' DNS A record was correct set up.
I work on laptop which I use to suspend overnight.
Sent: 17. juni 2014 14:58
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] sssd + realm + SPN
On (17/06/14 12:19), Longina Przybyszewska wrote:
>Nfs spn.
>I have to make setup for Ubuntu nfs-clients with sssd and autofs and Linux
>storage ser
fedorahosted.org
Subject: Re: [SSSD-users] sssd + realm + SPN
On Tue, 2014-06-17 at 08:45 +, Longina Przybyszewska wrote:
> It could be very convenient to have the same method for both joining
> machine and adding service principal names with ‘realmd’, everything
> done from Linux box
It could be very convenient to have the same method for both joining machine
and adding service principal names with 'realmd', everything done from Linux
box.
Do you have plans for that option in realmd?
Best,
Longina
___
sssd-users mailing list
sssd
What about NFS protocol?
Server used to check client's identity in reverse DNS addresses.
Best,
Longina
-Original Message-
From: sssd-users-boun...@lists.fedorahosted.org
[mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Simo Sorce
Sent: 8. juni 2014 19:45
To: End-user dis
-users@lists.fedorahosted.org
Subject: Re: [SSSD-users] Login with Enterprise Principal Name with AD backend
On Mon, 2014-05-26 at 10:33 +, Longina Przybyszewska wrote:
> How? In fact, to late, already got it.
> What about schema for Posix users? It wasn't there before sfu.
It was in
How? In fact, to late, already got it.
What about schema for Posix users? It wasn't there before sfu.
Best,
Longina
>
> Hello Steve, thank you for the fast reply. I was aware of the AD ldap schema.
>
> I’m avoiding to mess with Unix specific atributes inside AD because Microsoft
> started the
-Original Message-
From: sssd-users-boun...@lists.fedorahosted.org
[mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Vinícius Ferrão
Sent: 26. maj 2014 00:57
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] Login with Enterprise Pr
stand the "configured:" line in both output ?
What should be my default_realm?
Longina
-Original Message-
From: sssd-users-boun...@lists.fedorahosted.org
[mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Longina
Przybyszewska
Sent: 24. april 2014 14:4
Still, isn't it preferable to specify all domains in sssd.conf and use for
each, dns_discovery_domain to speed up lookups?
_
> Using ad provider in multi domain environment and Global Catalog search:
> -do I still need the section for each subdomain in sssd.conf? Can I
> configure sssd only f
.
From: sssd-users-boun...@lists.fedorahosted.org
[sssd-users-boun...@lists.fedorahosted.org] on behalf of Longina Przybyszewska
[long...@sdu.dk]
Sent: Wednesday, April 16, 2014 11:22 AM
To: 'End-user discussions about the System Security Services D
How can I find out if my AD supports RFC2307 automounter schema?
longina
-Original Message-
From: sssd-users-boun...@lists.fedorahosted.org
[mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Ondrej Valousek
Sent: 10. april 2014 10:28
To: End-user discussions about the Syst
10:42:42AM +, Longina Przybyszewska wrote:
> I think, it is worth to mention the 'msktutil' for joining AD; it is
> specially useful for installing a batch of computers, Is well documented with
> a lot of options. It lets to join domain independent from samba, with full
&g
I think, it is worth to mention the 'msktutil' for joining AD; it is specially
useful for installing a batch of computers,
Is well documented with a lot of options. It lets to join domain independent
from samba, with full control on creating keytab, encryption type, required
UPN/SPN names etc .
r downcall
Mange hilsner
Longina
-Original Message-
From: sssd-users-boun...@lists.fedorahosted.org
[mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of John Hodrien
Sent: 12. marts 2014 11:54
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD
un...@lists.fedorahosted.org
[mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of John Hodrien
Sent: 12. marts 2014 11:54
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] no permission -sssd-1.11.1 Trusty automount nfs4+krb
On Wed, 12 Mar 201
4 21:27:21
krbtgt/nat.c.example@nat.c.example.org
renew until 03/13/2014 11:27:21
03/12/2014 11:27:22 03/12/2014 21:27:21
nfs/jota.nat.example@nat.c.example.org
renew until 03/13/2014 11:27:21
longina@jedi:/$
Med venlig hilsen
Longina Przybyszewska
Systemprogrammør,
users-boun...@lists.fedorahosted.org
[mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Longina
Przybyszewska
Sent: 10. marts 2014 12:59
To: 'd...@redhat.com'; sssd-users@lists.fedorahosted.org
Subject: Re: [SSSD-users] sssd-1.11.1 Trusty automount nfs4+krb+sssd
The krb5.conf is configured
ddr=10.80.8.91,local_
> lock=none,addr=10.144.4.254 0 0
>
> df -h
> ...
> jota.a.domain.com:/nfs4/jota/long 1.8T 2.1G 1.7T 1% /home/long
> Any ideas ?
>
> Best
> longina
>
> Med venlig hilsen
>
> Longi
4+krb+sssd
On 03/07/2014 06:02 AM, Longina Przybyszewska wrote:
> Hi again,
> The pieces of the automount works almost... ;( My transition step
> towards getting automount on login with 'autofs' as sssd service, looks like
> that:
>
> -I can authenticate with sssd an
home/long
Any ideas ?
Best
longina
Med venlig hilsen
Longina Przybyszewska
Systemprogrammør, IT-service
Tlf.+45 6550 2359
Mobil +45 6011 2359
Email long...@sdu.dk
Web http://www.sdu.dk/ansat/longina
Adr.Campusvej
> Hi,
> Ubuntu Saucy nfs4+krb+sssd server
> Ubuntu Trusty client,sssd+autofs
>
> I can manually mount directory (nfs4+krb) as root on the client.
>
> Is it possible on client, use SSSD with autofs service, with
> automounter referring to the flat files , /etc/auto.master ,/etc/auto.home,
> no
Hi,
Ubuntu Saucy nfs4+krb+sssd server
Ubuntu Trusty client,sssd+autofs
I can manually mount directory (nfs4+krb) as root on the client.
Is it possible on client, use SSSD with autofs service, with automounter
referring to the flat files ,
/etc/auto.master ,/etc/auto.home, not to ldap?
Ho
1 - 100 of 163 matches
Mail list logo