And finally I wanted to follow up to say that I am now 34-36 days (systems
joined in a staggered fashion) in since I disabled password changes on the
clients and there have been, so far, no ill effects, and no lock outs. Just
another data point, it has worked for me so far.
-Erinn
Again the best that I can find is that controls like the aforementioned effect
the behavior of the client not the server. The client is in control of changing
passwords/renewing keytabs, and unless there is a third party utility in use
the AD does not enforce a password change requirement or
My first experience with SSSD for SFTP authentication was having a higly
critical system's authentication going off because I didn't know about adcli,
so I didn't install it. After exactly 30 days, the AD server changed that
machine account's password, but the linux server didn't. Those were
Also as another data point there is another thread currently going on in this
mailing list:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/thread/LD754UXTSMZOJTGDQPO3KG67TKTFMARA/
that seems to imply that the machine password DOES need to be changed
So the very very short version is, yes you can make this work, you need
to join the system using the samba tools (winbind), you then need to
manually configure sssd to work. Basically as long as they
/etc/krb5.keytab is there and valid you are golden BUT there are a lot
of bugs and RFEs in this
Hi, Erin
Thank you so much for your answer. This is exactly what I'm looking for.
Will be waiting for it.
Em sexta-feira, 12 de outubro de 2018 15:04:45 BRT, Erinn Looney-Triggs
escreveu:
On 10/12/18 7:30 AM, Simo Sorce wrote:
> On Fri, 2018-10-12 at 13:21 +, Reinaldo Souza Gomes
On 10/12/18 7:30 AM, Simo Sorce wrote:
> On Fri, 2018-10-12 at 13:21 +, Reinaldo Souza Gomes wrote:
>> Jakub,
>> I see. Thank you.
>>
>> Simo,
>> Is this gssntlmssp package meant to work on CentOS 7.5 / Samba 4.7?
> Yes to authenticate as a domain member you need to have winbind
> installed,
On Fri, 2018-10-12 at 13:21 +, Reinaldo Souza Gomes wrote:
> Jakub,
> I see. Thank you.
>
> Simo,
> Is this gssntlmssp package meant to work on CentOS 7.5 / Samba 4.7?
Yes to authenticate as a domain member you need to have winbind
installed, configured and working correctly on the system.
Jakub,
I see. Thank you.
Simo,
Is this gssntlmssp package meant to work on CentOS 7.5 / Samba 4.7? If so, is
there any configuration needed? I would like my Samba server to be able to
handle NTLMSSP authentication for windows' clients, while using SSSD as the
authentication layer, if
> On 11 Oct 2018, at 02:08, Reinaldo Souza Gomes
> wrote:
>
> I know that this is an old topic, but I've seen contradictory answers in
> different places.
>
> Some topics say that SSSD has no support for NTLM due to its inherently
> unsecure nature, and will never have.
Currently SSSD
10 matches
Mail list logo