Questions tagged [sssd]

SSSD (System Security Services Daemon) provides an NSS and PAM interface to remote authenticators such as LDAP, Kerberos, and FreeIPA.

SSSD (the System Security Services Daemon) provides an NSS, PAM, and D-Bus interface to remote identity and authentication services, including LDAP, Kerberos, and AD. This simplifies login management on clients and provides optimisation features such as caching. It is available in most Linux distributions.

See the description on lwn.net from 2011, or the Red Hat documentation.

142 questions
11
votes
1 answer

PAM vs LDAP vs SSSD vs Kerberos

I am basically aware of what these services do separate from each other. What I want to know: what exactly happens on a successful login in a Linux-based network that uses all of these services? In which order are these services consulted? What…
tfh
8
votes
2 answers

Missing config file for SSSD?

I want to make a CentOS 7 installation with LDAP authentication, so I installed authconfig-gtk, sssd and krb5-workstation. When I tried to start the service, I got a message telling me that there is no config file under /etc/sssd/. I did some…
0xh3xa
7
votes
1 answer

How do I clear a user's cached Active Directory password on CentOS 7?

I built a CentOS 7 install on my company laptop and configured it to authenticate to the company AD servers like so: Install packages: yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation…
DirkNiblick
7
votes
4 answers

Allow AD Groups to SUDO

I'm adding some Fedora 20 workstations to our Windows 2003 domain. I've successfully joined the domain with the boxes, and can log in with domain accounts. Now I'm trying to allow the default AD group Enterprise Admins to use SUDO, however whatever I…
SnakeDoc
6
votes
1 answer

Linux clients can't login on samba share while windows and mac can (active directory env)

Setup: server CentOS 7.6, Samba 4.8, Winbind, SSSD, Kerberos. This machine is attached to the company Active Directory as a member server but not a domain controller (I followed the RedHat documentation to join the machine to the domain and configure smb) added…
darxmurf
6
votes
2 answers

SSH Logins failing for all users, even when using correct password

So, I have a RHEL server that is AD-joined. Users are not able to log in, even when using the correct passwords. I can log in through the console, but only with root; none of the AD accounts will work. I cannot use root to log in via PuTTY, it only works…
Coy
6
votes
1 answer

Adding a system user to an LDAP group with SSSD

Our LDAP server is running RFC 2307 groups (memberuid contains a username, not a DN). With our old nscd/nss_ldap/pam_ldap setup, you could list a non-LDAP user (a system user from /etc/passwd) in an LDAP group's memberuid attribute, and that system…
derobert
6
votes
4 answers

Edit home directory for an LDAP user in Linux

I have an LDAP user who accesses a server based on having the appropriate LDAP host attribute via sssd. This user does not show up in /etc/passwd because he is not local. How do I modify his home dir location if he has already logged in and it was…
Gregg Leventhal
5
votes
1 answer

sssd not rotating its AD computer account password

I have many RHEL servers configured with SSSD that are not rotating their AD computer account password and as a result their computer accounts are getting deleted from the AD domain. This is happening due to a stale account cleanup job that is in…
kerplunk
5
votes
2 answers

Setting login shell in SSS configuration for users from Active Directory

I'm trying to define different login shells for different users of an AD domain, as described here. The aim is to deny members of a particular group from logging in while allowing them to do SSH tunneling. Here below is the file /etc/sssd/sssd.conf.…
dr_
5
votes
1 answer

sssd and Active Directory user does not exist in CentOS

When I try to do a su [email protected] I get a "user does not exist" message. [email protected] exists in Active Directory. I can do kinit [email protected] successfully and get a ticket. Here are the steps I did: I have MIT KDC on CentOS 7…
ebeb
5
votes
1 answer

getent passwd -s sss LOCALUSER shows local user

tl;dr I want to easily and quickly tell if a user is local or domain (don't care which domain). Environment freeipa-client-4.6.1-3.fc27.x86_64 sssd-1.16.0-4.fc27.x86_64 Full story I am writing a userinfo.sh script that will show if a user is…
bgStack15
5
votes
3 answers

Join Redhat 7 without prompting the password

I am trying to automate domain join on RedHat 7 using the following command: realm join -U serviceaccount --client-software=sssd abc.com The problem is this command prompts for a password, which stops my script. How do I work around this so it doesn't…
tset
5
votes
2 answers

oddjob_mkhomedir doesn't run when logging in via SSH with Kerberos

I currently have a server which has Kerberos/SSSD/Samba to authenticate to Windows 2012 AD. In /etc/pam.d/system-auth oddjob_mkhomedir is set as below: session optional pam_oddjob_mkhomedir.so umask=0077 skel=/etc/skel This was set by…
lethalMango
5
votes
1 answer

How to run script when SSSD creates home directory for a new user

I have a network with several RHEL6 workstations and RHEL IdM Server (a.k.a. FreeIPA) as a domain controller. Every LDAP user can log into every workstation. When the user is logging in for the first time, SSSD creates $HOME/$USER directory for…
Vitaly Isaev