search for: enablesssd

Hi, I'm facing a problem with setting up LDAP+TLS client authentication in a kickstart script on CentOS7 for several days. Setting up manualy the config with system-config-authentication works but I need to automate this in kickstart for deploying cluster nodes. This show that the server side is running fine. At this time the message is #systemctl status sssd |....

...ookups are functional on the system) - install packages samba, samba-client, samba-winbind, samba-winbind-clients, and samba-winbind-krb5-locator - net ads join -U 'user' (the domain allows non-admin creation of machine accounts; net ads testjoin returns 'Join is OK') - authconfig --enablesssd --enablesssdauth --disablemkhomedir --update Here is the smb.conf with provisions for winbind (idmap lines), which was (deliberately) not configured by authconfig above: [global] strict locking = no workgroup = EXAMPLE server string = Samba Server Version %v disable netbios = yes...

...gt; sssd-libwbclient-devel 1.13.0-40.el7_2.4 sssd-proxy 1.13.0-40.el7_2.4 >> sssd-tools 1.13.0-40.el7_2.4 >> >> I ran the following commands to set up LDAP/AD authentication: >> >> # ln -s /bin/bash /bin/PHSshell >> # ln -s /home /PHShome >> # authconfig --enablesssdauth --enablemkhomedir --enablesssd -update >> # chkconfig sssd on # service sssd restart >> >> Initially, I ran into problems because I had not created an sssd.conf file. Eventually I did create one, and its contents are the following: >> >> [<domain>.org] >&...

....4 sssd-ldap 1.13.0-40.el7_2.4 sssd-libwbclient 1.13.0-40.el7_2.4 sssd-libwbclient-devel 1.13.0-40.el7_2.4 sssd-proxy 1.13.0-40.el7_2.4 sssd-tools 1.13.0-40.el7_2.4 I ran the following commands to set up LDAP/AD authentication: # ln -s /bin/bash /bin/PHSshell # ln -s /home /PHShome # authconfig --enablesssdauth --enablemkhomedir --enablesssd -update # chkconfig sssd on # service sssd restart Initially, I ran into problems because I had not created an sssd.conf file. Eventually I did create one, and its contents are the following: [<domain>.org] enumate = true cache_credentials = TRUE id_provi...

...tting up SSSD and Samba: 1) yum install -y sssd realmd adcli samba-common samba-common-tools krb5-workstation openldap-clients ntpdate ntp nss-pam-ldapd policycoreutils-python samba-client samba nano 2) realm join ... #shortened command; binding to specific OU; works as expected 3) authconfig --enablesssdauth --enablesssd --enablemkhomedir --update 4) nano /etc/samba/smb.conf 5) testparm 6) mkdir /testshare 7) id btp4 at yu.yale.edu #works as expected 8) chown -R root:pathology_its at yu.yale.edu /testshare/ 9) chcon -Rt samba_share_t /testshare/ 10) kinit btp4 11) net ads join -k 12) kini...

I was fighting this a few weeks ago, and asking here. I *finally* solved it yesterday... and the answer isn't pleasant. Running the command authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall breaks crond, as per bugzilla # Bug 1650314. The way that it breaks it is to insert into /etc/pam.d/password-auth-ac two lines reading auth required pam_deny.so one as the third line in the auth stanza, so:...

...gt; system) > - install packages samba, samba-client, samba-winbind, > samba-winbind-clients, and samba-winbind-krb5-locator > - net ads join -U 'user' (the domain allows non-admin creation of > machine accounts; net ads testjoin returns 'Join is OK') > - authconfig --enablesssd --enablesssdauth --disablemkhomedir --update As you can join the machine to your AD domain, have you considered the winbind 'rid' backend ? Rowland

...ss.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/about-sssd.conf.html implies that if I want to use sssd I need to create the sssd.conf file first. Any reason why? 2. I also noticed if sssd.conf is not there, authconfig won't create it even if you tell it to --enablesssd. How so? I thought that if you are using sssd, it would have stuff like kerberos and ldap (to pick a couple of examples) configured there. 3. It seems if I want to, say, define ldap_user_search_base I must do it directly in sssd.conf instead of passing some kind of argument to authconfig. Am I cor...

....13.0-40.el7_2.4 sssd-proxy >>> 1.13.0-40.el7_2.4 sssd-tools 1.13.0-40.el7_2.4 >>> >>> I ran the following commands to set up LDAP/AD authentication: >>> >>> # ln -s /bin/bash /bin/PHSshell >>> # ln -s /home /PHShome >>> # authconfig --enablesssdauth --enablemkhomedir --enablesssd -update >>> # chkconfig sssd on # service sssd restart >>> >>> Initially, I ran into problems because I had not created an >>> sssd.conf file. Eventually I did create one, and its contents are the following: >>> >&...

...a, samba-client, samba-winbind, > > > samba-winbind-clients, and samba-winbind-krb5-locator > > > - net ads join -U 'user' (the domain allows non-admin creation of > > > machine accounts; net ads testjoin returns 'Join is OK') > > > - authconfig --enablesssd --enablesssdauth --disablemkhomedir --update > > As you can join the machine to your AD domain, have you considered the > > winbind 'rid' backend ? > I am not aware of it or how it can help to solve this problem. Is there any resource you can point to online that detail how...

...-libwbclient-devel 1.13.0-40.el7_2.4 >> sssd-proxy 1.13.0-40.el7_2.4 >> sssd-tools 1.13.0-40.el7_2.4 >> >> I ran the following commands to set up LDAP/AD authentication: >> >> # ln -s /bin/bash /bin/PHSshell >> # ln -s /home /PHShome >> # authconfig --enablesssdauth --enablemkhomedir --enablesssd -update >> # chkconfig sssd on >> # service sssd restart >> >> Initially, I ran into problems because I had not created an sssd.conf file. Eventually I did create one, and its contents are the following: >> >> [<domain>.or...

Hi! How to get usermod working with SSSD/389DS ? We have SSSD set up on our server and it uses 389DS. SSSD was enabled with the following command: authconfig --enablesssd --enablesssdauth --ldapbasedn=dc=example,dc=com --enableshadow --enablemkhomedir --enablelocauthorize --update Running for example "usermod -L username" returns: usermod: user 'username' does not exist in /etc/passwd Each time usermod is executed there is a query logged in 389D...

....4 sssd-ldap 1.13.0-40.el7_2.4 sssd-libwbclient 1.13.0-40.el7_2.4 sssd-libwbclient-devel 1.13.0-40.el7_2.4 sssd-proxy 1.13.0-40.el7_2.4 sssd-tools 1.13.0-40.el7_2.4 I ran the following commands to set up LDAP/AD authentication: # ln -s /bin/bash /bin/PHSshell # ln -s /home /PHShome # authconfig --enablesssdauth --enablemkhomedir --enablesssd -update # chkconfig sssd on # service sssd restart Initially, I ran into problems because I had not created an sssd.conf file. Eventually I did create one, and its contents are the following: [<domain>.org] enumate = true cache_credentials = TRUE id_provi...

...1.13.0-40.el7_2.4 sssd-proxy 1.13.0-40.el7_2.4 >>> sssd-tools 1.13.0-40.el7_2.4 >>> >>> I ran the following commands to set up LDAP/AD authentication: >>> >>> # ln -s /bin/bash /bin/PHSshell >>> # ln -s /home /PHShome >>> # authconfig --enablesssdauth --enablemkhomedir --enablesssd -update >>> # chkconfig sssd on # service sssd restart >>> >>> Initially, I ran into problems because I had not created an sssd.conf >>> file. Eventually I did create one, and its contents are the following: >>> >&gt...

...mmon samba-common-tools > > krb5-workstation openldap-clients ntpdate ntp nss-pam-ldapd > > policycoreutils-python samba-client samba nano > > > > 2) realm join ... #shortened command; binding to specific OU; works > > as expected > > > > 3) authconfig --enablesssdauth --enablesssd > --enablemkhomedir --update > > > > 4) nano /etc/samba/smb.conf > > > > 5) testparm > > > > 6) mkdir /testshare > > > > 7) id btp4 at yu.yale.edu #works as expected > > > > 8) chown -R root:pathology_its at yu.y...