System Security Services Daemon (SSSD) - This project provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis for providing client auditing and policy services for FreeIPA, LDAP, and Active Directory.
Questions tagged [sssd]
360 questions
35
votes
2 answers
How do I configure LDAP on CentOS 6 for user authentication in the most secure and correct way?
During the last couple of days I have been using a lot of F-words while browsing the Internet for good documentation about how to set up an LDAP server. So far I have found none, but plenty that are less than good, but better than bad. So I had to do it…
Arlukin
- 1,263
14
votes
5 answers
Debugging sssd login: pam_sss [...] System error
How does one properly debug the shell login in the following case?
Authentication is handled via sssd configuration and a krb5 authentication server. Logging in with the same .conf-file on Ubuntu 16.04 LTS works perfectly. Once one uses it with…
2xB
- 243
13
votes
6 answers
sssd and ldap authentication cache
On our box running OpenSUSE 12.2 we have installed OpenLDAP and sssd daemon. We are using these two services for user authentication. Recently we created a script which creates new web-users for our vhosts dynamically, but now we are dealing with a…
Seth Rayer
- 131
13
votes
1 answer
Error: KDC reply did not match expectations
I was facing issues while joining a machine to the domain using the command below.
The server's OS is Amazon Linux 2, and it has to join example.com.
I have done all the prerequisites which are required for Domain joining process for Li
Below is…
Santosh Garole
- 593
12
votes
1 answer
NTP Service Auto-Discovery
Are there any methods I could use to provide auto-discovery for NTP? I recently moved to a new job that has a parent company that recently started providing Active Directory. I've been implementing SSSD & other stuff authenticating against AD and…
Keith Shannon
- 132
12
votes
2 answers
SSSD rejects LDAP login with su: incorrect password
I've set up an LDAP server with user accounts. I've successfully configured a Rails application to authenticate against this LDAP server. I'm now trying to configure SSSD to authenticate against LDAP, but it doesn't like the individual user…
Leo
- 983
12
votes
4 answers
home dir and shell for Active Directory authenticated users
I have successfully configured sssd and can ssh into a system with AD credentials. What I am missing is the creation of a home directory and bash set as the shell.
My assumption is that if I log on to a system that does not already have a local Linux…
grahamjgreen
- 1,021
11
votes
1 answer
PAM accepting any password for valid users
I just linked my Arch Linux workstation to the Samba AD I set up for our company. I tested it, and it worked, or so I thought. It accepted my password, created my homedir and everything, and logged me in. What I forgot to test was what it wouldn't…
Dessa Simpson
- 577
11
votes
2 answers
SSSD Authentication to Windows Domain without @domain.com everywhere
We're trialling an Ubuntu 14.04 desktop environment for a few of our developers and I've hooked the machines into the domain with SSSD. This has been working fine. However, the system recognises the domain users as user@DOMAIN.COM, so 'ls -l'…
Snowflake Sam
- 157
11
votes
2 answers
sssd: Is there a way to force a specific shell for some group members?
The context
I'd like to restrict some AD users to a specific script, limiting what they can do on this particular machine.
So, instead of connecting them with /bin/bash (for instance), I'd like to force them to use /path/to/my/script. Those users…
Christophe Drevet
- 2,122
11
votes
3 answers
IPA dynamic DNS updates only the AAAA record. Where are my A records?
I'm setting up a FreeIPA domain. In my lab are three virtual machines: the domain controller ipadc1, and two clients puppet and wordpress (creative, yes, I know). All three VMs are running freshly installed CentOS 6.4 (FreeIPA 3.0.0).
I've installed…
Michael Hampton
- 252,907
11
votes
6 answers
CentOS 6 + LDAP + NFS. File ownership is stuck on "nobody"
I've been trying to get LDAP authentication and NFS exported home directories on CentOS 6 working for a few days now. I've gotten to the point that I can now login to the client machine using the username and password in LDAP. On the client, /home…
jamieb
- 3,467
10
votes
4 answers
Which ports are required in order to authenticate against a ldap server in another domain which is behind a firewall?
I have a Linux domain running with sssd, let's call this domain NJ.
I'd like machines on the NJ domain to be able to authenticate against an Active Directory ldap server which resides on a different domain (called NY) which is behind a…
Itai Ganot
- 10,976
10
votes
5 answers
How to integrate Active Directory with FreeBSD 10.0 using security/sssd?
What are the required steps to authenticate users from an Active Directory running on Windows Server 2012 R2 in FreeBSD 10.0 using sssd with the AD backend with Kerberos TGT working?
Vinícius Ferrão
- 5,870
9
votes
2 answers
How to use realmd in Ubuntu 14.04 LTS to join an Active Directory domain?
I want to use realmd to join an Active Directory domain from Ubuntu 14.04 LTS.
To do that I just installed realmd and some dependencies with this command: aptitude install realmd sssd sssd-tools samba-common krb5-user.
After the installation I tried…
Vinícius Ferrão
- 5,870