A better place for this question is the sssd-users list (which I've just CCed).
On Fri, Jul 15, 2022 at 7:24 AM Sergio Belkin wrote:
>
> Hi, I've configured sssd to use session recording along with tlog but it's
> not working.
>
> I don't use any domain for authentication, all users are local
>
On Fri, Nov 15, 2019 at 7:57 AM Pavel Březina wrote:
>
> We, developers, always use S-S-S-D. I have never heard anyone saying
> Triple-S-D :-)
The "correct" pronunciation is "Ess Ess Ess Dee". It's just the
initials. That said, some people use "Triple Ess Dee" and that's fine
too.
(I've also
On 04/20/2017 11:08 AM, Troels Hansen wrote:
> I'm trying to force SSSD to only communicate encrypted, because of company
> rules.
> I think I'm missing something:
>
> SSSD configured with: id_provider = ad
>
> and DNS service resolution is enabled (default)
>
> I have tried about every
On 01/12/2017 08:49 AM, jake.ridd...@gmail.com wrote:
> The target host logs this in /var/log/secure:
>
> Jan 12 11:20:41 jr-centos sshd[2892]: pam_sss(sshd:auth): authentication
> success; logname= uid=0 euid=0 tty=ssh ruser= rhost=[REDACTED] user=bob
>
> Jan 12 11:20:41 jr-centos sshd[2892]:
On 12/29/2016 09:03 AM, Jakub Hrozek wrote:
>> If I configure the server to enforce STARTTLS is SSSD "smart enough" to
>> work with that if I use sssd-ad or would I need to go the LDAP+Kerberos
>> route in order to configure some of the TLS-related settings?
>>
>
> The gssapi authentication is
On 09/07/2016 02:22 AM, Joakim Tjernlund wrote:
> On Tue, 2016-09-06 at 20:51 +0200, Lukas Slebodnik wrote:
>> On (06/09/16 17:36), Joakim Tjernlund wrote:
>>>
>>> I just get no such user unless I enumerate the domain, is that really
>>> needed ?
>>> sssd-1.13.4
>>>
>> It's very difficult to say
On 09/07/2016 08:16 AM, Ondrej Valousek wrote:
> The config you have does not make any sense, really.
> Obviously you have id_mapping turned on - in this case SSSD ignores any
> RFC2307 attributes in AD - including loginshell.
> If you want SSSD to honour RFC2307 attrs in AD, you need to turn
>
On 08/09/2016 03:42 PM, Thomas Beaudry wrote:
> (Tue Aug 9 15:39:32 2016) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending
> request with the following data:
> (Tue Aug 9 15:39:32 2016) [sssd[pam]] [pam_print_data] (0x0100): command:
> SSS_PAM_AUTHENTICATE
> (Tue Aug 9 15:39:32 2016)
On 07/27/2016 08:42 AM, Ondrej Valousek wrote:
> It has Gnome installed, but none is using it.
If GNOME is not in use, then this can't be the same problem, sorry. This only
happens if an active user is signed in to GNOME. And it only affects the current
user.
> I do not know what triggers it
On 07/27/2016 08:38 AM, John Hodrien wrote:
> On Wed, 27 Jul 2016, Stephen Gallagher wrote:
>
>> Is this on a GNOME workstation? We recently discovered a bug in GNOME Online
>> Accounts that can (in rare circumstances) cause the keyring to fill up with
>> garbage
On 07/27/2016 06:12 AM, Ondrej Valousek wrote:
> Hi List,
>
> On RH-7 box I am getting message like this:
>
> [root@spartacus bin]# kinit
> kinit: Disk quota exceeded while getting default ccache
>
> Google gave this: https://bugzilla.redhat.com/show_bug.cgi?id=1017683
>
On 01/20/2016 08:02 AM, Jakub Hrozek wrote:
> On Wed, Jan 20, 2016 at 12:16:50PM -, h...@miracle.dk wrote:
>> Hi
>>
>> I have several users in my AD. All of them can now login with ssh
>> to the Linux server which is not intended.
>>
>> In the
On Thu, 2015-08-20 at 00:54 +0200, Michael Ströder wrote:
Dmitri Pal wrote:
On 08/19/2015 03:53 PM, Jakub Hrozek wrote:
On Wed, Aug 19, 2015 at 09:49:22PM +0530, Rajnesh Kumar Siwal
wrote:
Any suggested workaround .
You can use nss-pam-ldapd just for the hosts database and sssd
- Original Message -
From: James Ralston rals...@pobox.com
To: End-user discussions about the System Security Services Daemon
sssd-users@lists.fedorahosted.org
Sent: Wednesday, May 6, 2015 1:28:35 PM
Subject: [SSSD-users] please do not remove enumeration from AD provider
On Wed,
On Tue, 2014-10-21 at 09:39 +0100, John Hodrien wrote:
On Tue, 21 Oct 2014, Lukas Slebodnik wrote:
Packages for some older distributions than Fedora 21 are available in
COPR http://copr-fe.cloud.fedoraproject.org/coprs/lslebodn/sssd-1-12/
Thanks for this.
In RHEL7 we have
On Tue, 2014-10-21 at 22:02 +0200, Lukas Slebodnik wrote:
On (21/10/14 15:42), Stephen Gallagher wrote:
On Tue, 2014-10-21 at 15:22 -0400, Simo Sorce wrote:
On Tue, 21 Oct 2014 09:39:07 +0100 (BST)
John Hodrien j.h.hodr...@leeds.ac.uk wrote:
On Tue, 21 Oct 2014, Lukas Slebodnik
On 09/15/2014 01:53 PM, Nordgren, Bryce L -FS wrote:
Do I get it right that you are not actually trying to run systemd
itself as a user but to start a service by systemd that will run
as an SSSD user. You might have chicken and egg problem
On 07/18/2014 06:06 AM, Jakub Hrozek wrote:
On Thu, Jul 17, 2014 at 12:54:54PM -0300, Felipe Pereira wrote:
Is there a way to dump all config settings?
I'd like to know the defaults configured for everything I didn't
set in the sssd.conf.
If
On 07/09/2014 05:28 PM, Jakub Hrozek wrote:
On 07 Jul 2014, at 11:00, John Snowdon
john.snow...@newcastle.ac.uk wrote:
Hi,
I'm currently working on an sssd configuration to replace a set
of legacy authentication and authorization mechanisms
On 06/02/2014 07:51 AM, John Hodrien wrote:
On Mon, 2 Jun 2014, Stephen Gallagher wrote:
This is the real problem. If SSSD can route to the IP address,
then we have to proceed assuming that the LDAP server should be
available (thereby attempting
On 05/29/2014 07:40 AM, Jakub Hrozek wrote:
On Mon, Apr 21, 2014 at 10:05:58AM -0400, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1
On 04/17/2014 04:13 AM, Jakub Hrozek wrote:
On Wed, Apr 16, 2014 at 10:47:10PM -0400
On 05/22/2014 08:55 AM, Rowland Penny wrote:
On 22/05/14 13:50, John Hodrien wrote:
On Thu, 22 May 2014, Rowland Penny wrote:
Not on Ubuntu it isn't ;-)
I'd argue that Ubuntu just has incorrect behaviour then.
If you look at man hosts on an
On 05/09/2014 07:32 AM, Michael Ströder wrote:
HI!
How does sssd decide whether to send searches with filter
(objectClass=ipService) or not?
Does it depend on services: sss set in /etc/nsswitch.conf?
Yes, 'service: sss' must be set and some
On 05/09/2014 08:49 AM, Michael Ströder wrote:
On Fri, 09 May 2014 07:59:25 -0400 Dmitri Pal d...@redhat.com
wrote
On 05/09/2014 07:32 AM, Michael Ströder wrote:
Does it depend on services: sss set in /etc/nsswitch.conf?
Yes
Maybe I should
On 04/17/2014 04:13 AM, Jakub Hrozek wrote:
On Wed, Apr 16, 2014 at 10:47:10PM -0400, Simo Sorce wrote:
On Wed, 2014-04-16 at 19:49 -0400, Dmitri Pal wrote:
I had some interesting experience during Red Hat summit. The
network was significantly
On 04/02/2014 07:41 AM, Jakub Hrozek wrote:
On Wed, Apr 02, 2014 at 12:02:41PM +0300, Thomas B. Rücker
wrote:
Hi,
we're using SSSD in combination with active directory and have
received complaints from users about a corner case in our setup.
On 03/21/2014 12:40 PM, kevin sullivan wrote:
Thanks for the input Dmitri!
It is up to you where you draw the line between local accounts
and central accounts but moving everything including root seems
to me to be too much.
I agree that it
On 02/21/2014 04:46 AM, Sumit Bose wrote:
On Thu, Feb 20, 2014 at 10:22:53PM +0100, Jakub Hrozek wrote:
On Thu, Feb 20, 2014 at 04:13:51PM -0500, Simo Sorce wrote:
On Thu, 2014-02-20 at 16:01 -0500, Stephen Gallagher wrote:
-BEGIN PGP SIGNED
Due to popular request, I am offering a completely unofficial and
unsupported repository of the latest 1.9.x LTM bits for RHEL 5 and
derivatives. The latest official version supported by the distribution
is 1.5.x.
These packages are built from the
On 02/20/2014 03:37 PM, John P Arends wrote:
I’m new to SSSD in general. I configured a RHEL 6.5 machines to
authenticate against a 2008 R2 AD using ldap_id_mapping because
our AD does not have unix information defined for users. All
appears to
On 12/10/2013 10:40 AM, Dan Candea wrote:
On 12/10/2013 05:21 PM, Jakub Hrozek wrote:
On Tue, Dec 10, 2013 at 04:57:47PM +0200, Dan Candea wrote:
On 12/09/2013 07:00 PM, Lukas Slebodnik wrote:
I would suggest to configure sssd against AD with
On 10/21/2013 11:29 AM, Olivier OLG wrote:
Hello there,
two observations about using authconfig to switch from ldap to sssd
on redhat6 :
1- why does authconfig stop sssd when it's launched with
--enablesssd --enablesssdauth flags (rather
On 10/22/2013 12:13 PM, ted.r...@faa.gov wrote:
Hi!
We have been working this problem for two weeks debugging. We have
389-ds running and multi-master with 3 RHEL6 servers and a RHEL5.
The RHEL5 ldap clients authenticate correctly to the RHEL6
On 10/15/2013 12:45 PM, Bright, Daniel wrote:
Well, it looks like I’ve answered my own question with some trial
and error, I replaced the nss stuff that I had in ldap.conf with
this:
ldap_group_search_base =
On 10/14/2013 12:55 PM, Chris Hartman wrote:
Maybe try to use the dyndns_iface option
This forced an IPv6 record update :)
How come this wasn't done automatically, though?
While entirely possible, it's a bit of a pain to set the interface
On 10/11/2013 08:07 AM, Olivier wrote:
Hello Stephen,
this is done : https://bugzilla.redhat.com/show_bug.cgi?id=1018189
I have reported it as an authconfig bug, I think it might also be
something to be considered at sssd level : shouldn't
On 10/09/2013 12:20 PM, Chris Hartman wrote:
Well, in a related development, it appears there is a hardware
issue with the testing PC- bad hard disk. Will replace, reinstall
OS, and re-test.
However, there is definitely a case sensitivity issue
On 10/11/2013 08:41 AM, Olivier wrote:
Hello Mikael,
I don't know if sssd.conf support this syntax, nor authconfig, but
that would not work for me anyway.
authconfig generates other configurations than sssd.conf such as
pam_ldap.conf for
On 10/09/2013 01:22 PM, Dmitri Pal wrote:
On 10/09/2013 01:05 PM, Ondrej Valousek wrote:
Hi List,
I have noticed that since F19 I can not use lines beginning with
spaces in sssd.conf - sssd complains otherwise. Was this an
intentional change?
On 10/09/2013 01:06 PM, Chris Hartman wrote:
Could you file a bug against pam_mkhomedir?
I can definitely do this, though I'm not exactly sure what the bug
is because I don't think I understand the problem fully.
mkhomedir.so doesn't play nice
On 09/01/2013 04:35 PM, Timo Aaltonen wrote:
On 01.09.2013 21:43, Dmitri Pal wrote:
On 09/01/2013 02:20 PM, Timo Aaltonen wrote:
- dyndb support in bind * haven't asked the maintainer to add
it to bind9, it might happen
Are you talking about
On 08/21/2013 01:58 PM, John Uhlig wrote:
oops! please excuse previous reply re: SHA1. John.
It would be very helpful if you could include your sssd.conf. I
strongly suspect that you have a typo in your configuration
somewhere.
I have
On 08/01/2013 02:13 PM, Licause, Al (CSC AMS BCS - UNIX/Linux Network
Support) wrote:
I have been testing different configurations of sssd and RHEL V6.3
and V6.4.
The sssd version on RHEL V6.3 is sssd-1.8.0-32.el6.x86_64
The sssd
On 05/20/2013 02:20 PM, Dmitri Pal wrote:
On 05/20/2013 02:15 PM, Stephen Gallagher wrote:
On 05/20/2013 12:50 PM, John Bossert wrote:
Sorry for leaving out specifics.
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.3
On 05/09/2013 09:58 AM, Wojtak, Greg (Superfly) wrote:
Thanks for the help. Would a similar solution be to set the
ldap_access_filter to ((cn=unix team,Š)(cn=server1access,...))
with the server1access group containing the member's dn's? The
On Thu 25 Apr 2013 02:02:56 PM EDT, Brandon Foster wrote:
On Wed, Apr 24, 2013 at 11:20 AM, Stephen Gallagher
sgall...@redhat.com wrote:
* *BEGIN ENCRYPTED or SIGNED PART* *
On Wed 24 Apr 2013 02:15:51 PM EDT, Brandon Foster
On 04/24/2013 12:49 PM, Brandon Foster wrote:
On Tue, Apr 23, 2013 at 12:20 PM, Stephen Gallagher
sgall...@redhat.com wrote:
...
Would you mind trying out the SSSD from CentOS 6.4 to see if
this particular crash has already been fixed
On Tue 23 Apr 2013 12:55:19 PM EDT, Brandon Foster wrote:
hey all, I'm new to sssd and ldap so be gentle =)
I've followed some guides on how to set up sssd ldap client
authentication on Centos 6.3 but mine doesn't seem to be working
here is my
On 04/16/2013 12:27 PM, Russell Jones wrote:
Hi all,
SSSD 1.9.2 on CentOS 6.
I am attempting to configure SSSD to authenticate against AD via
LDAP. When starting the daemon though, the logs get filled with
failure messages about being unable
On 04/16/2013 07:15 PM, Russell Jones wrote:
On 4/16/2013 1:40 PM, Stephen Gallagher wrote:
Looking at that SID, the RID portion of it is *really* large.
The last section there is 1153286127 (split up, that's
1,153,286,127).
Given
On 04/12/2013 08:26 AM, Licause, Al (BCS) wrote:
The following entry into an ldap.conf file on a RHEL V5 system
provides for the ability to limit users
based in their GID values:
nss_base_passwd
On 04/11/2013 08:15 AM, Sutton, Harry (GSSE) wrote:
After getting sssd logins working yesterday (thanks again, Sumit),
I was pleasantly surprised to find I was able to login this morning
with my domain credentials from home /before/ I had
On 04/11/2013 09:03 AM, Sutton, Harry (GSSE) wrote:
On 04/11/2013 08:44 AM, Stephen Gallagher wrote:
Also, try the following experiment:
time id -G localuser
and show me the output.
On the Fedora laptop:
real0m58.014s user
On 04/10/2013 11:04 AM, Sutton, Harry (GSSE) wrote:
Okay, I'm seeing something in my logs that points to why I'm not
authenticating with pam_sss.so, and it may be unique to our
environment here at HP, although I suspect others will eventually
On Wed 10 Apr 2013 01:04:03 PM EDT, Sutton, Harry (GSSE) wrote:
On 04/10/2013 11:12 AM, Stephen Gallagher wrote:
You can change the domain delimiter in SSSD with the
re_expression option in the [sssd] section. By default it
assumes user
On Thu 28 Mar 2013 10:01:43 AM EDT, Michael Ströder wrote:
Ok, now I'm stuck with this output of OpenLDAP lib checks when
running 1.9.4's configure:
checking for LDAPDerefRes... no configure: error: The OpenLDAP
version found does not contain
On Thu 28 Mar 2013 10:15:10 AM EDT, Michael Ströder wrote:
On Thu, 28 Mar 2013 10:05:35 -0400 Stephen Gallagher
sgall...@redhat.com wrote
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1
On Thu 28 Mar 2013 10:01:43 AM EDT, Michael Ströder wrote
On 03/19/2013 02:27 PM, Mathieu Lemoine wrote:
According to your configuration, SSSD is connecting anonymously to the
LDAP server (you don't have a bind user or password configured). Can
you install the openldap-clients package (or whatever its
On Mon 14 Jan 2013 04:28:57 PM EST, Jakub Hrozek wrote:
On Mon, Jan 14, 2013 at 08:37:56PM +, Daniel Laird wrote:
I am stuck with Ubuntu 10.04 (no chance of upgrading our servers).
This means I am currently running SSSD 1.0.5.
This is a very,
On Tue 27 Nov 2012 03:51:55 PM EST, Iain Morgan wrote:
Hello,
I recently began experimenting with sssd (1.8.0) and have run into an
issue with its support for password expiration. Specifically, the case
where sssd is configured to use LDAP and the user authenticates via SSH
public-key.
If a
On 10/25/2012 06:59 PM, Dmitri Pal wrote:
On 10/25/2012 06:38 PM, Paul B. Henson wrote:
On 10/25/2012 9:41 AM, Dmitri Pal wrote:
BTW SSSD connects in an authenticated way.
I assume you mean it supports connecting with authentication;
considering I have provided it no credentials I would be
On 10/16/2012 08:25 AM, Longina Przybyszewska wrote:
HI,
Thanks, but actually I asked if I can use _Linux NIS_ server for authorization.
You say I have to move NIS maps into AD and use Windows NIS – that means “no”?
All users at my site have accounts in AD, and in addition, Linux users