On Wed, Apr 15, 2015 at 10:40:48AM +0200, Ola Nystrom wrote:
> Ok, so I have to really remove all files. Not just use sss_cache as I do
> when I am lazy.
>
> It works now.
>
> [root@galaxy ~]# rm -f /var/lib/sss/mc/*
> [root@galaxy ~]# rm -f /var/lib/sss/db/*
>
> Then sssd uses the config.
>
> s
On Wed, Apr 15, 2015 at 02:36:32PM -0400, tmpchq wrote:
> I noticed that when login to IPA server (mripa1) itself, the only PAM
> process is PAM_OPEN_SESSION,
> whereas for mripadm it goes through 5: PAM_AUTHENTICATE, PAM_ACCT_MGMT,
> PAM_SETCRED,
> PAM_OPEN_SESSION, PAM_SETCRED in that order. I ha
On Wed, Apr 15, 2015 at 02:17:38PM +0200, Thomas HUMMEL wrote:
> On Wed, Apr 15, 2015 at 08:41:38AM +0200, Jakub Hrozek wrote:
>
> > I think this means the frontend (responder) either checks too soon
>
> But in that case wouldn't it see no answer instead of wrong or in
On Wed, Apr 15, 2015 at 02:35:08PM +0200, Olivier wrote:
> Thanks Michael,
>
> > Note that password policy response controls can only be used when sssd
> actually tries to verify the user's password with a LDAP (simple)
> > bind request. Obviously this won't work if you completely disabled
> passw
On Wed, Apr 15, 2015 at 10:58:12PM +0200, Jean-Baptiste Denis wrote:
> > A shot in the dark but maybe worth a try - can you try disabling the
> > cleanup task?
> >
> > ldap_purge_cache_timeout = 0
> >
> > in the [domain] section. The cleanup might cause some groups with no
> > members to be removed
On Thu, Apr 16, 2015 at 11:37:53AM +0200, Jean-Baptiste Denis wrote:
> > I was suspecting a race condition, because as well as the rest of SSSD,
> > the cleanup task is asynchronous. I was suspecting the following might
> > have happened:
> > - initgroups starts:
> > - users are written
On Thu, Apr 16, 2015 at 05:07:53PM +0200, Bobby Prins wrote:
> (Thu Apr 16 15:51:08 2015) [sssd[be[unix.example.corp]]] [ldb] (0x4000):
> cancel ldb transaction (nesting: 2)
> (Thu Apr 16 15:51:08 2015) [sssd[be[unix.example.corp]]]
> [sysdb_set_entry_attr] (0x0080): ldb_modify failed: [Attribute
On Tue, Apr 21, 2015 at 11:37:44PM +0200, Jean-Baptiste Denis wrote:
> > I think I've got a test case without involving slurm. It is quite
> > reproducible
> > on my machine. Since it looks like a race, you may need to tweak the
> > parameter
> > of the python script.
>
> Hi,
>
> does anyone f
On Tue, Apr 21, 2015 at 03:26:05PM +, Sterling Sahaydak wrote:
> I'm using sssd with pam, OpenLDAP and OpenLDAP proxy to Active Directory in
> a sub-domain (sj)
>
> [root@ldap ~]# sssd --version
> 1.11.6
>
>
> sssd.conf(sj) => slapd.conf(sj) => AD-sj
>
>
> and noticing a message in the ss
On Fri, Apr 24, 2015 at 07:40:13PM +0200, Jean-Baptiste Denis wrote:
> On 04/23/2015 09:11 PM, Chris Petty wrote:
> > I actually tried it and it was reproducible on my system using sssd 1.11.6
> > ( ad and ldap config ).
>
> Thank you for trying it on your side and reporting it. I was able to rep
On Tue, Apr 28, 2015 at 08:52:32AM +, Majid Khan wrote:
> Hi,
>
> I am getting the following from some of the clients machine I'm not sure why
> some of them sending this info otherwise my authentication and login all is
> working fine but I'm concerned why it's happening and my log is full of
On Tue, Apr 28, 2015 at 10:17:23AM +, Majid Khan wrote:
> Hi Jakub,
> Sorry for sending you the info in pieces this is the complete log:
You're looking for get_client_cred message to see who connected to SSSD
and requested the ID.
btw I just tested filter_users and filter_groups with numerica
On Tue, Apr 28, 2015 at 11:17:53AM +, Majid Khan wrote:
> so is there any work around to fix this? and does it have any impact on the
> LDAP server?, one thing is for sure that the server is getting hit with these
> request quite frequently like after 4 secs and we have many other client
> m
On Tue, Apr 28, 2015 at 03:11:09PM +, Sterling Sahaydak wrote:
> I'm setup in Centos 6.6 with sssd 1.11.6 using openldap and openldap proxy
> to Active Directory.
>
> I have working getent passwd and getent group , id
> etc. not a problem.
>
> So, trying to get ssh to work as well.
>
>
>
On Wed, Apr 29, 2015 at 12:50:02PM +, Ondrej Valousek wrote:
> Hi List,
>
> I am experiencing a strange error with sssd-1.11.6-30 on RHEL-6 machine it
> produces error:
Do you have the latest updates installed?
>
> (Wed Apr 29 12:05:02 2015) [sssd[be[default]]] [sdap_get_generic_ext_done]
On Wed, Apr 29, 2015 at 04:23:01PM +, Sterling Sahaydak wrote:
> Solved my issue!
>
> The key wasn't from the messages running sssd using: /usr/sbin/sssd -D
> -ddd and reading what was sent to screen.
>
> Instead it was looking within the sssd_LDAP.log file itself:
>
> (Wed Apr 29 11:42:58
On Wed, Apr 29, 2015 at 04:35:29PM +, Sterling Sahaydak wrote:
> Thanks Jakub.
>
> Hmmm, not sure I understand, can you elaborate with an example using
> dc=ad,dc=example,dc=com?
Well, your example used:
ldap_access_filter = memberof=cn=groupname,ou=groups,dc=ad,dc=example,dc=com
Which r
On Wed, Apr 29, 2015 at 06:33:01PM +, Galen Johnson wrote:
> I want to be sure I understand this as well...
>
> So, when you have ldap_group_search_base defined, using simple will look for
> any group name that
> is defined where the groupname would be (essentially) cn=groupname within the
On Tue, May 05, 2015 at 01:35:20PM +0200, Lukas Slebodnik wrote:
> On (05/05/15 12:16), Simon wrote:
> >Hi,
> >
> >I have configured an Ubuntu 14.04 server to authenticate against, and use
> >attributes from, Active Directory running on Server 2008 R2.
> >
> >However, I have a seemingly odd issue w
On Tue, May 05, 2015 at 02:59:18PM +0200, Lukas Slebodnik wrote:
> On (05/05/15 12:29), torgeir.wulfsb...@kongsberg.com wrote:
> >Hi!
> >
> >I can't get "dyndns_update" to work when I have "ldap" as "id_provider".
> >Having set "debug_level = 9", I do not see any "update add/delete" entries
> >in
On Tue, May 05, 2015 at 07:02:12PM +0200, Jean-Baptiste Denis wrote:
> > python3 was optional from beginning but we recently added hint to configure
> > script how to disable it.
> > sssd-1.12 is very close to master so I do not expect any difference.
>
> Indeed.
>
> I've just compiled the git ma
On Wed, May 06, 2015 at 07:47:11AM +0200, Lukas Slebodnik wrote:
> On (06/05/15 01:12), James Ralston wrote:
> >Hi,
> >
> >I think this problem may be part (or related to) the "FreeIPA/SSSD
> >LDAP cross-forest trust slow queries" issue, but I'm not sure.
> >
> >We've been testing sssd on our RHEL6
On Wed, May 06, 2015 at 11:30:48AM +0200, Jean-Baptiste Denis wrote:
> > I guess none of your machines are (or could be) accessible publicly if
> > we can't reproduce the bug in-house at all?
>
> This should be doable in a few days/next week. May I contact you and Lukas
> off-list for the details
On Wed, May 06, 2015 at 01:02:22PM -0400, James Ralston wrote:
> What do you recommend doing for RHEL6 (currently on
> 1.11.6-30.el6_6.4)?
>
> 1. Use your 1.12.5 packages on RHEL6?
>
> 2. Wait for Red Hat to backport the patch for ticket/2588 to
> their 1.11.6 branch?
Unlikely
On Wed, May 06, 2015 at 09:07:23PM -0400, James Ralston wrote:
> On Wed, May 6, 2015 at 1:26 PM, Jakub Hrozek wrote:
>
> > On Wed, May 06, 2015 at 01:02:22PM -0400, James Ralston wrote:
> >
> > > 3. Wait for Red Hat to rebase RHEL6 to 1.12.5?
> >
> > RHE
On Thu, May 07, 2015 at 01:18:52PM +0200, Lukas Slebodnik wrote:
> On (07/05/15 12:45), Sumit Bose wrote:
> >On Thu, May 07, 2015 at 11:35:21AM +0100, John Beranek wrote:
> >> Hi all,
> >>
> >> I've just built a RHEL 6.7 Beta VM to test the new SSSD release, and have
> >> come across a strange iss
On Sun, May 10, 2015 at 04:18:58PM +0100, Jonathan Hunter wrote:
> Sorry to reply to my own post, but I think I have tracked this one
> down and resolved in the meantime - so am posting to the archive for
> posterity in the hope it may help others, also.
>
> I think I have tracked this down to a r
15 1:28:35 PM
> > Subject: [SSSD-users] please do not remove enumeration from AD provider
> >
> > On Wed, May 6, 2015 at 4:27 AM, Jakub Hrozek wrote:
> >
> > > You know, just this morning, I was thinking about enumeration. It
> > > doesn't work for IPA
On Tue, May 26, 2015 at 01:50:05PM +0200, Günther J. Niederwimmer wrote:
> Hello,
>
> I am new with sssd and Linux but I mean it is possible ;-)
>
> I have a centos system created with IPA authentication.
>
> My problem is dovecot in the moment?
>
> is it possible to adapt the Dovecot file for
On Mon, Jun 01, 2015 at 11:11:51AM -0600, Erinn Looney-Triggs wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> This may or may not be related to FreeIPA, but it definitely is
> related to SSSD, so I reckoned I would start here.
>
> I have two FreeIPA servers, after a password change
On Tue, Jun 02, 2015 at 05:12:17PM -0600, Erinn Looney-Triggs wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 06/02/2015 01:20 AM, Jakub Hrozek wrote:
> > On Mon, Jun 01, 2015 at 11:11:51AM -0600, Erinn Looney-Triggs
> > wrote:
> >> -B
On Wed, Jun 03, 2015 at 09:07:06AM +0200, Lukas Slebodnik wrote:
> On (03/06/15 07:02), torgeir.wulfsb...@kongsberg.com wrote:
> >Hi!
> >
> >Could not find much information on this.
> >But I was wondering if it is/or can be supported, that an user in Active
> >Directory (system setup with SSSD), t
'Cannot allocate memory' with FQDNs
Daniel Hjorth (1):
* LDAP: unlink ccname_file_dummy if there is an error
Jakub Hrozek (34):
* Updating the version for the 1.12.5 release
* resolv: Use the same default timeout for SRV queries as previously
* FO: Use SRV TTL in
On Sun, Jun 14, 2015 at 03:35:08PM +0200, Matt . wrote:
> Hi Guys,
>
> Does anyone have the proper commands to build a SSSD package from a git clone
> ?
>
> Would be great as the README doesn't contain it at all.
It shouldn't be too different from fedora:
autoreconf -if
configure
m
On Sun, Jun 14, 2015 at 05:50:15PM +0200, Günther J. Niederwimmer wrote:
> Hello,
>
> Am Freitag, 12. Juni 2015, 16:45:29 schrieb Jakub Hrozek:
> >=== SSSD 1.12.5 ===
> >
> > The SSSD team is proud to announce the release of version 1.12.5
On Mon, Jun 15, 2015 at 02:52:06PM +0200, Günther J. Niederwimmer wrote:
> Hello Jakub,
>
> Am Sonntag, 14. Juni 2015, 22:03:00 schrieb Jakub Hrozek:
> > On Sun, Jun 14, 2015 at 05:50:15PM +0200, Günther J. Niederwimmer wrote:
> > > Hello,
> > >
> > > A
On Mon, Jun 15, 2015 at 09:57:42PM +0200, Jakub Hrozek wrote:
> On Mon, Jun 15, 2015 at 02:52:06PM +0200, Günther J. Niederwimmer wrote:
> > Hello Jakub,
> >
> > Am Sonntag, 14. Juni 2015, 22:03:00 schrieb Jakub Hrozek:
> > > On Sun, Jun 14, 2015 at 05:50:15PM +0200,
On Tue, Jun 16, 2015 at 10:00:17AM +0200, Günther J. Niederwimmer wrote:
> Hello,
>
> Is it possible to find out what sssd has in the cache or sends back to a
> program like dovecot from an IPA Server?
yes, with ldb-tools
>
> My dovecot can't find the correct uid, gid to a mail address from
On Tue, Jun 16, 2015 at 11:48:32AM +0200, Günther J. Niederwimmer wrote:
> Hello Jacub,
>
> Am Dienstag, 16. Juni 2015, 10:11:27 schrieb Jakub Hrozek:
> > On Tue, Jun 16, 2015 at 10:00:17AM +0200, Günther J. Niederwimmer wrote:
> > > Hello,
> > >
> > > I
On Tue, Jun 16, 2015 at 12:27:09PM +0200, Günther J. Niederwimmer wrote:
> Hello Jacub,
>
> Am Dienstag, 16. Juni 2015, 11:57:34 schrieb Jakub Hrozek:
> > On Tue, Jun 16, 2015 at 11:48:32AM +0200, Günther J. Niederwimmer wrote:
> > > Hello Jacub,
> > >
> >
On Tue, Jun 16, 2015 at 02:34:38PM -0400, Frank Pikelner wrote:
> 2) Ubuntu 14.04 - Samba and winbind are installed, should they be removed
> before setting up SSSD?
You should pick one method for retrieving users and authenticating and
stick with it. Mixing sssd and winbind might produce inconsis
On Tue, Jun 16, 2015 at 11:15:32PM +0200, Lukas Slebodnik wrote:
> >Ubuntu 14.04 - have been able to get to joining AD domain, but unable to
> >authenticate users after join. SSSD appears to start, die, start, die
> >Issue may be in correct DNS nameserver config as I am not sure if settings
> >
rom different domain controllers
https://fedorahosted.org/sssd/ticket/2661
RFE: Change AD GPO default to enforcing
https://fedorahosted.org/sssd/ticket/2666
sssd with ldap backend throws error domain log
== Detailed Changelog ==
Jakub Hrozek (68):
* MAN: Fix a typo
* SYSDB: Reduce
On Mon, Jun 22, 2015 at 10:11:28AM -0400, Frank Pikelner wrote:
> Hello Timo,
>
> Just to follow up, I've been running SSSD 1.12.5 on Ubuntu 14.04 LTS using
> the AD provider without issues. For DNS the configuration was done in
> Network Manager (not /etc/resolv.conf as it is managed by resolvcon
On Mon, Jun 22, 2015 at 03:28:50PM -0400, Frank Pikelner wrote:
> Yes, can/will provide document. Just let me know how you prefer to get it.
Feel free to send it as an attachment.
Or, for a more direct editing maybe we could use something like an
etherpad/piratepad/etc?
On Mon, Jun 22, 2015 at 03:01:33PM -0400, Frank Pikelner wrote:
> Hello,
>
> In my testing it would appear for Dynamic DNS to work (update DNS A and PTR
> records), the Linux client hostname needs to be FQDN (client123.domain.com)
> defined as one of the hostnames in /etc/hosts for the 127.0.0.1
On Tue, Jun 23, 2015 at 06:42:02AM -0700, Janelle wrote:
> Hello,
>
> My first post here. I have an issue with having occasional failures of LDAP
> servers being used by SSSD. What happens is that when a new server is stood
> up to replace the failed servers, users can't seem to login until SSSD
On Tue, Jun 23, 2015 at 07:52:46AM -0700, Janelle wrote:
> On 6/23/15 7:33 AM, John Hodrien wrote:
> >On Tue, 23 Jun 2015, Janelle wrote:
> >
> >>Servers are behind a load-balancer. Address never changes.
> >
> >But one problem with that is that SSSD will see multiple servers as one
> >server, and
On Tue, Jun 23, 2015 at 11:38:17AM -0400, Frank Pikelner wrote:
> Just to be clear, are you load balancing LDAP servers or you are making
> LDAP/LDAPS requests to Active Directory servers?
>
> With AD, you should not be load balancing domain controllers due to the
> stickiness nature. With 2008 th
On Wed, Jun 24, 2015 at 08:35:10AM +, Ondrej Valousek wrote:
>
> >Hmm, did you consider SRV records as John pointed out elsewhere? Then you
> >could load-balance using weight fields of SRV records..
>
> OT question - not sure if SRV can be used for load-balancing? If we use the
> same prior
On Wed, Jun 24, 2015 at 10:18:26AM -0700, Janelle wrote:
> On 6/24/15 12:38 AM, Jakub Hrozek wrote:
> >On Tue, Jun 23, 2015 at 07:52:46AM -0700, Janelle wrote:
> >>On 6/23/15 7:33 AM, John Hodrien wrote:
> >>>On Tue, 23 Jun 2015, Janelle wrote:
> >>>
On Wed, Jun 24, 2015 at 05:55:28PM +, Carl Pettersson (EXT BN) wrote:
> Hi,
> We're getting this referral related error in our sssd installation. Some
> environment information:
> * CentOS 6.6 clients, sssd v1.11.6
> * Windows 2012R2 domain controllers, 2008R2 functional level, single domain
On Wed, Jun 24, 2015 at 06:38:21PM +, Carl Pettersson (EXT BN) wrote:
> > No, it's a bug in SSSD.
>
> >
>
> > 6.6 is already quite old in SSSD terms, could you please try a newer
>
> > version from this COPR repo?
>
> >https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-12/
>
> >
>
>
On Wed, Jun 24, 2015 at 07:03:26PM +, Carl Pettersson (EXT BN) wrote:
> > On Wed, Jun 24, 2015 at 06:38:21PM +, Carl Pettersson (EXT BN) wrote:
> > > > No, it's a bug in SSSD.
> > >
> > > >
> > >
> > > > 6.6 is already quite old in SSSD terms, could you please try a newer
> > >
> > > > v
On Wed, Jun 24, 2015 at 07:42:48PM +, Carl Pettersson (EXT BN) wrote:
> > > > This is unrelated, I think. Can you check if your CentOS machine's DNS
> > > > record is resolvable in both directions, iow if A and PTR records match?
> > > >
> > > > Can you acquire a ticket with kinit and search
On Wed, Jun 24, 2015 at 09:13:18PM -0400, Frank Pikelner wrote:
> I've shared the WIP document with those that were interested. If anyone
> else would like to review/comments, please let me know and I'll share the
> document.
Yep, thanks, I added some notes.
>
> As the document may be useful to
On Wed, Jun 24, 2015 at 08:57:40PM -0700, Janelle wrote:
>
>
> On 6/24/15 10:52 AM, Jakub Hrozek wrote:
> >On Wed, Jun 24, 2015 at 10:18:26AM -0700, Janelle wrote:
> >>On 6/24/15 12:38 AM, Jakub Hrozek wrote:
> >>>On Tue, Jun 23, 2015 at 07:52:46AM -0700, Jan
On Thu, Jun 25, 2015 at 06:37:14AM +, Carl Pettersson (EXT BN) wrote:
> > > > > > Ldapsearch does not look good:
> > > > > > # ldapsearch -h foo-ad02.a.foo.com -Y GSSAPI -b OU=...
> > > > > > SASL/GSSAPI authentication started
> > > > > > ldap_sasl_interactive_bind_s: Local error (-2)
> >
On Thu, Jun 25, 2015 at 08:39:28AM -0400, Frank Pikelner wrote:
> Hello Jakub,
>
> By all means, please merge any portion of the document you feel is useful.
> I would like to keep expanding the document to include other
> distributions/configuration to make it easier for others to start using
> S
On Thu, Jul 02, 2015 at 02:49:08PM +, Ondrej Valousek wrote:
> Hi list,
>
> I have spotted a strange issue with SSSD on Ubuntu 14.04 when using sssd to
> provide maps for automounter. When I start the machine with completely clean
> SSSD cache (rm -rf /var/lib/sssd/db/*, reboot), I can not l
On Thu, Jul 02, 2015 at 11:28:05PM -0400, Frank Pikelner wrote:
>
> More googling, found my answer, SSSD port needs to be reconfigured to add AD
> provider
>
> http://www.freshports.org/security/sssd
The AD provider needs relatively recent Samba libraries and Kerberos
libraries.
On Fri, Jul 03, 2015 at 08:15:47AM +, Ondrej Valousek wrote:
> Hi Frank,
>
> Yes, that would work, indeed. The thing is, that it would cripple down
> roaming users that travels between sites.
> But thanks for the hint, anyway.
I don't really have time to do many tests right now, but I would
ticket/2590
SSSD doesn't re-read resolv.conf if the file doesn't exist during boot
https://fedorahosted.org/sssd/ticket/2641
Add a IS_DEFAULT_VIEW macro
https://fedorahosted.org/sssd/ticket/2701
Kerberos-based providers other than krb5 do not queue requests
== Detailed Changelog ==
On Mon, Jul 06, 2015 at 10:57:15PM +0200, Jakub Hrozek wrote:
> === SSSD 1.13.0 ===
>
> The SSSD team is proud to announce the release of version 1.13.0 of
> the System Security Services Daemon.
Sorry about the copy-n-paste bug in Subject. Of course it shou
On Wed, Jul 15, 2015 at 05:11:26PM +0530, Srinivas wrote:
> Hi All,
>
> I am very new to sssd and trying to deploy sssd to our custom embedded
> platform.
>
> I could able to build sssd and its dependencies such as samba, openldap,
> pam-nss-ldapd etc.
This is not sssd dependency at all, but a s
On Thu, Jul 16, 2015 at 10:48:41AM -0400, Dmitri Pal wrote:
> On 07/16/2015 10:46 AM, Ondrej Valousek wrote:
> >Ok, I could do this, but it involves changing sssd configuration.
> >The GPO is much nicer solution - is it now working? It is not clear from the
> >documentation whether it is still a "
On Thu, Jul 16, 2015 at 05:05:45PM +0200, mathias dufresne wrote:
> Hi all,
>
> I'm trying to configure SSSD to access several domains at the same time and
> I'm not able to achieve that.
>
> The two domains are A.DOMAIN.TLD and B.DOMAIN.TLD.
What SSSD version are you running and what is the rel
On Fri, Jul 10, 2015 at 04:50:39PM +, Longina Przybyszewska wrote:
> Hi,
> .k5login doesn't help . Homedir is mounted with sec=krb5 and not accessible
> on ssh server side
> Until get validated krb principal credentials - which seems to be my problem.
>
> I have noticed , I have no libpam-kr
On Thu, Jul 16, 2015 at 03:12:52PM -0400, Christian Tardif wrote:
>
>
> Hi,
>
> I'm working on setting a LDAP proxy (with OpenLDAP) to ActiveDirectory.
> And testing the proxy with SSSD gives me strange results I don't
> understand. When someone is trying to connect to a Linuxbox on which
> SS
On Fri, Jul 17, 2015 at 10:22:37AM +0200, mathias dufresne wrote:
> SSSD is 1.12.2 from Centos 7.1.1503.
>
> AD are both hosted by Samba 4 and no trust relationship is yet available.
> That's the reason I'm trying to configure two domains rather than dealing
> with global catalogue.
OK, then two
On Fri, Jul 17, 2015 at 03:24:20PM +0530, Srinivasa Rao Ragolu wrote:
> Hi All,
>
> Thanks for your response. I have missed out python2.7 module SSSDConfig.
> That is why I could not able to create sssd.conf using authconfig.
>
>
> Now I am facing new issue. When I run "service sssd start".. Log
On Fri, Jul 17, 2015 at 05:32:41PM +0530, Srinivasa Rao Ragolu wrote:
> BIG BIG Thanks
>
> I could able to run sssd now. If possible could you suggest or give link
> about 1 or 2 test cases to validate this sssd functionality?
Login as a domain user from a non-root account?
It really depends
On Tue, Jul 21, 2015 at 10:59:25AM +0300, Евгений wrote:
> Hi All!
>
> Work very well with sssd+ad provider, but sudo su - very slow working when
> running first time(running again <1sec),
> user1@host$ sudo su - ( slow ~ 8-15 sec).
>
> user1 domain user - member of many groups (+300) in Active
On Tue, Jul 21, 2015 at 09:08:21AM +, Ondrej Valousek wrote:
> OT:
> How comes sudo even works with the AD provider?? You need to extend AD schema
> right?
> Thanks,
Yes:
https://jhrozek.wordpress.com/2014/07/21/add-sudo-rules-to-active-directory-and-access-them-with-sssd/
On Tue, Jul 21, 2015 at 12:29:39PM +0300, Евгений wrote:
> Hi :)
>
> 1) sssd in this thread is - sssd-1.11.6-30.el6_6.4.x86_64
> 2) sssd_nss.log:
>
> many,many requests...
> (sample)
>
> (Mon Jul 20 18:58:02 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
> Requesting info for [_hd_not
On Tue, Jul 21, 2015 at 12:43:48PM +0300, Евгений wrote:
>
> Ok, i have this conf in EL7 environment. sssd -1.12.2-58.el7.x86_64. In el7
> sssd can work something out?
No, sorry, also too old :-(
Upstream only gained this option in 1.12.5 (in 6.7 there is a backport):
https://fedorahosted.o
On Thu, Jul 23, 2015 at 10:30:54AM +0100, John Beranek wrote:
> So, RHEL 6.7 has been released, but I was surprised at the version
> contained in it:
>
> 1.12.4-47.el6
That's a relict of how RHEL works. You can only put a new tarball until
a certain point, then you're only allowed to add patches
On Thu, Jul 23, 2015 at 12:56:50PM +0200, Lukas Slebodnik wrote:
> On (23/07/15 11:51), Jakub Hrozek wrote:
> >On Thu, Jul 23, 2015 at 10:30:54AM +0100, John Beranek wrote:
> >> So, RHEL 6.7 has been released, but I was surprised at the version
> >> contained in i
On Thu, Jul 30, 2015 at 12:27:00PM +0200, Domenico Viggiani wrote:
> > > to preserve compatibility, I'd like to map the AD users' default group
> > > to a local Linux group.
> > Mixing local groups with LDAP groups is not supported by sssd.
> > BTW do you use POSIX attributes from AD or do you use
On Thu, Jul 30, 2015 at 02:38:11PM +, Longina Przybyszewska wrote:
> I have Ubuntu -LTS with kernel 3.13.0-61
> Sssd 1.12.5
>
> I am preparing production setup based on Ubuntu; gss-proxy looks a bit
> adventurous for production.
> What sssd version do you recommend for production?
> In Ubunt
On Mon, Aug 03, 2015 at 01:01:06PM +, Ondrej Valousek wrote:
> I have "stolen" few bits from Jakub's blog to create a similar one about sssd
> & autofs & ad.
> It's here:
> https://ovalousek.wordpress.com/2015/08/03/autofs/
>
> Hopefully someone will find it useful :)
Thanks, this is pretty
On Tue, Aug 11, 2015 at 06:56:28PM +, Thackeray, Neil L wrote:
> I've gotten logins to work from our AD, but for some reason after a while
> they just stop working again. I'm using Ubuntu 14.04.1, sssd 1.12.5.
>
> I don't know why it's trying to contact the AD over 389. We only allow ldaps
>
On Wed, Aug 12, 2015 at 04:31:14PM +, Ondrej Valousek wrote:
> Hi list,
>
> Is sssd broken again in 6.7?
> It was working fine for me as of 1.11.7 - but that was not official version.
> Now I upgraded to the latest one (1.12.4-47) hoping I'll be on the official
> fixed version, and it is eve
On Thu, Aug 13, 2015 at 06:53:56AM +, Ondrej Valousek wrote:
> Ok,
> I think I know what's going on here. I am hitting the bug I have submitted
> before:
> https://fedorahosted.org/sssd/ticket/2702
>
> But I am not behind a firewall now - some domain controllers are simply shut
> down.
> If
On Wed, Aug 12, 2015 at 09:48:38PM -0400, Brendan Kearney wrote:
> i have a fedora 20 install on a desktop that is working and autofs will read
> the auto.master from ldap and i can mount the shares specified in
> auto.shares listed.
>
> i have a fedora 20 install on a laptop that will not work an
On Thu, Aug 13, 2015 at 04:32:12PM +, Longina Przybyszewska wrote:
> Hi,
> I have an issue with SSSD-1.12.5 with resolving group membership.
> Only Posix primary group is displayed for users accounts.
>
> Group is visible on the system but not displayed from 'id' or 'groups'
> commands.
>
On Thu, Aug 13, 2015 at 05:11:41PM -0400, Brendan Kearney wrote:
> On 08/13/2015 03:45 AM, Jakub Hrozek wrote:
> >On Wed, Aug 12, 2015 at 09:48:38PM -0400, Brendan Kearney wrote:
> >>i have a fedora 20 install on a desktop that is working and autofs will read
> >>the
On Fri, Aug 14, 2015 at 08:26:57AM -0400, Dmitri Pal wrote:
> On 08/14/2015 08:24 AM, brendan kearney wrote:
> >
> > I am using rsyslog RELP (reliable event log processing) to steal away
> > logs over syslog-tcp with fifo buffer to store them in a central
> > database, so journalctl is the only loc
> On 14 Aug 2015, at 11:44, Davor Vusir wrote:
>
> Hello!
>
> I'm finetuning sssd and going through the logs. We're using AD as
> authentication source. SSSD is version 1.12.2 and seems to send a faulty
> query to the DC:
What distribution is that?
>
> My sAMAccountName is myLogonID but so
> On 13 Aug 2015, at 09:54, Ondrej Valousek wrote:
>
> Sites won't help here because of 2 reasons:
Pavel, can you keep this issue in mind when you think about the refactoring of
the failover system?
>
> 1. You start up the AD site discovery process sequentially connecting to ALL
> DCs that
> On 15 Aug 2015, at 03:38, Brendan Kearney wrote:
>
> On 08/14/2015 08:59 AM, Jakub Hrozek wrote:
>> On Fri, Aug 14, 2015 at 08:26:57AM -0400, Dmitri Pal wrote:
>>> On 08/14/2015 08:24 AM, brendan kearney wrote:
>>>> I am using rsyslog RELP (reliable
On Mon, Aug 17, 2015 at 02:43:24PM -0400, Dmitri Pal wrote:
> On 08/17/2015 04:15 AM, Tim Biedert wrote:
> > Hi,
> >
> > I’m using SSSD in Ubuntu 15.04 to connect to my university’s Active
> > Directory.
> >
> > Using ignore_group_members = true speeds things up significantly, that’s
> > great.
On Tue, Aug 18, 2015 at 08:03:01AM +, Ondrej Valousek wrote:
> Hi folks,
>
> I have just found out that when I try to use sss_cache against some item
> which is in negative cache (i.e. not found) it does not work.
> Is this expected behavior?
I wouldn't say expected, I stumbled upon this as
On Wed, Aug 19, 2015 at 09:33:38PM +0530, Rajnesh Kumar Siwal wrote:
> Hi ,
>
> We need to fetch the hosts entries from the OpenLDAP Database.
> We can use the nslcd, that works fine to fetch the hosts entries from the
> OpenLDAP.
> How do we configure sssd to fetch the same hosts entries from th
On Wed, Aug 19, 2015 at 09:49:22PM +0530, Rajnesh Kumar Siwal wrote:
> Any suggested workaround .
You can use nss-pam-ldapd just for the hosts database and sssd for the
rest, you can use different views or different servers altogether for
public/private views.
btw this is the first time I've hear
On Thu, Aug 20, 2015 at 12:40:07PM +0200, Davor Vusir wrote:
> Hi!
>
> We store our public ssh keys in AD user account (altSecurityIdentities).
> Red Hat release 6.6/sssd 1.11.6. Adding
~~~
6.7 is out for some time with quite some enhancements.
>
>subdomains_pro
trust-deployments/
for some performance tips.
Sorry for being terse.
On Thu, Aug 20, 2015 at 09:29:25PM +0200, Davor Vusir wrote:
>
>
> Jakub Hrozek skrev den 2015-08-20 13:20:
> >On Thu, Aug 20, 2015 at 12:40:07PM +0200, Davor Vusir wrote:
> >>Hi!
> >>
>
On Tue, Aug 25, 2015 at 02:33:43PM +0200, Pavel Březina wrote:
> On 08/21/2015 05:07 PM, Dmitri Pal wrote:
> >On 08/21/2015 09:04 AM, Pierre Neyron wrote:
> >>Hi,
> >>
> >>I would like to use SSSD to allow authentication on linux machines for
> >>users managed in 2 LDAP bases.
> >>
> >>While SSSD i
On Thu, Sep 03, 2015 at 05:31:05PM -0500, jeff macfarland wrote:
> Trying to get rid of having to define NIS groups along with AD. But also
> would like to keep ability to set shell and homedirectory without resorting
> to a template.
>
> However, unixHomeDirectory and loginShell (when defined in
On Tue, Sep 08, 2015 at 09:49:41PM +1000, jupiter wrote:
> Hi,
>
> What are the values to disable memcache_timeout and disable
> entry_cache_timeout, so the memcache and entry_cache in sssd.conf? Should
> both be 0?
The cache can't be disabled completely, the cache is used to communicate
between s