Questions tagged [sssd]

System Security Services Daemon (SSSD) - This project provides a set of daemons to manage access to remote directories and authentication mechanisms, it provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for FreeIPA, LDAP, & Active Directory.

327 questions
35
votes
2 answers

How do I configure LDAP on Centos 6 for user authentication in the most secure and correct way?

During the last couple of days I have been using a lot of F-words, while browsing Internet for good documentation about how to setup an LDAP-server. So far I have found none, but plenty that are less than good, but better than bad. So I had to do it…
Arlukin
  • 1,203
  • 6
  • 18
  • 27
12
votes
1 answer

NTP Service Auto-Discovery

Are there any methods I could use to provide auto-discovery for NTP? I recently moved to a new job that has a parent company that recently started providing Active Directory. I've been implementing SSSD & other stuff authenticating against AD and…
12
votes
2 answers

SSSD rejects LDAP login with su: incorrect password

I've set up an LDAP server with user accounts. I've successfully configured a Rails application to authenticate against this LDAP server. I'm now trying to configure SSSD to authenticate against LDAP, but it doesn't like the individual user…
Leo
  • 973
  • 6
  • 21
  • 38
11
votes
5 answers

Debugging sssd login: pam_sss [...] System error

How does one properly debug the shell login in the following case? Authentication is handled via sssd configuration and a krb5 authentication server. Logging in with the same .conf-file on Ubuntu 16.04 LTS works perfectly. Once one uses it with…
2xB
  • 213
  • 1
  • 2
  • 5
11
votes
3 answers

IPA dynamic DNS updates only the AAAA record. Where are my A records?

I'm setting up a FreeIPA domain. In my lab are three virtual machines: the domain controller ipadc1, and two clients puppet and wordpress (creative, yes, I know). All three VMs are running freshly installed CentOS 6.4 (FreeIPA 3.0.0). I've installed…
Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
11
votes
6 answers

sssd and ldap authentication cache

On our box running OpenSUSE 12.2 we have installed OpenLDAP and sssd daemon. We are using these two services for user authentication. Recently we created a script which creates new web-users for our vhosts dynamically, but now we are dealing with a…
Seth Rayer
  • 111
  • 1
  • 1
  • 3
11
votes
6 answers

CentOS 6 + LDAP + NFS. File ownership is stuck on "nobody"

I've been trying to get LDAP authentication and NFS exported home directories on CentOS 6 working for a few days now. I've gotten to the point that I can now login to the client machine using the username and password in LDAP. On the client, /home…
jamieb
  • 3,387
  • 4
  • 24
  • 36
10
votes
4 answers

home dir and shell for Active Directory authenticated users

I have successfully configured sssd and can ssh into a system with AD credentials what I am missing is the creation of a home directory and bash set as the shell. My assumption is that if I log on to a system that does not already have a local linux…
grahamjgreen
  • 841
  • 2
  • 8
  • 12
10
votes
5 answers

How to integrate Active Directory with FreeBSD 10.0 using security/sssd?

What are the required steps to authenticate users from an Active Directory running on Windows Server 2012 R2 in FreeBSD 10.0 using sssd with the AD backend with Kerberos TGT working?
9
votes
1 answer

PAM accepting any password for valid users

I just linked my Arch Linux workstation to the Samba AD I set up for our company. I tested it, and it worked, or so I thought. It accepted my password, created my homedir and everything, and logged me in. What I forgot to test was what it wouldn't…
Dessa Simpson
  • 491
  • 7
  • 25
9
votes
2 answers

SSSD Authentication to Windows Domain without @domain.com everywhere

We're trialling using a Ubuntu 14.04 desktop environment for a few of our developers and I've hooked the machines into the domain with SSSD. This has been working fine. However the system recognises the domain users as user@DOMAIN.COM, so 'ls -l'…
Snowflake Sam
  • 137
  • 1
  • 3
  • 9
9
votes
2 answers

How to use realmd in Ubuntu 14.04 LTS to join an Active Directory domain?

I want to use realmd to join an Active Directory domain from Ubuntu 14.04 LTS. To do that I just installed realmd and some dependencies with this command: aptitude install realmd sssd sssd-tools samba-common krb5-user. After the installation I tried…
Vinícius Ferrão
  • 5,400
  • 10
  • 52
  • 91
9
votes
2 answers

sssd: Is there a way to force a specific shell for some group members?

The context I'd like to restrict some AD users to a specific script, limiting what they can do on this particular machine. So, instead of connecting them with /bin/bash (for instance), I'd like to force them to use /path/to/my/script. Those users…
Christophe Drevet
  • 1,962
  • 2
  • 17
  • 25
8
votes
4 answers

Joining Ubuntu Server 17.04 to Windows AD: Likewise vs Centrify vs Winbind vs SSSD

I have quite a few Ubuntu Server 17.04 hosts that must be joined to an existing Windows AD domain (Windows Server 2016). I've never done it before, but I'm aware about several ways to achieve this, such as: Likewise, Centrify, SSSD and…
Ashton R.
  • 83
  • 1
  • 1
  • 4
8
votes
4 answers

Which ports are required in order to authenticate against a ldap server in another domain which is behind a firewall?

I have a Linux domain running with sssd, let's call this domain NJ. I'd like machines on the NJ domain to be able to authenticate against an Active Directory ldap server which resides on a different domain (called NY) which is behind a…
Itai Ganot
  • 10,424
  • 27
  • 88
  • 143
1
2 3
21 22