Displaying 16 results from an estimated 16 matches for "filter_groups".
2015 Jan 07
1
Password Must Change using SSSD in Samba 4.1.10
...s not honoring the
password must change and allowing user to login without asking for password
change using sssd with current password.
Here is the configuration file of sssd service,
[sssd]
config_file_version = 2
services = nss, pam
domains = EXAMPLE
sbus_timeout = 30
[nss]
filter_users = root
filter_groups = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
offline_credentials_expiration = 0
[domain/EXAMPLE]
entry_cache_timeout = 600
entry_cache_group_timeout = 600
min_id = 1000
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_schema = rfc2307bis
ldap_uri = ldap://smba...
2015 May 06
2
ldap host attribute is ignored
...: nisplus
automount: files sss
aliases: files nisplu
My /etc/openldap/ldap.conf is this:
TLS_CACERTDIR /etc/openldap/cacerts/
SASL_NOCANON on
URI ldap://ldap.mydomain.tld
BASE o=XXX
The sssd.conf is this:
[sssd]
config_file_version = 2
services = nss, pam, autofs
domains = default
[nss]
filter_groups = root
filter_users = root
[pam]
[domain/default]
ldap_uri = ldap://ldap.mydomain.tld
ldap_search_base = o=XXX
ldap_schema = rfc2307bis
id_provider = ldap
ldap_user_uuid = entryuuid
ldap_group_uuid = entryuuid
ldap_id_use_start_tls = True
enumerate = False
cache_credentials = False
ldap_tls_cacer...
2015 Jan 07
0
Password Must Change using SSSD in Samba 4.1.10
...s not honoring the
password must change and allowing user to login without asking for password
change using sssd with current password.
Here is the configuration file of sssd service,
[sssd]
config_file_version = 2
services = nss, pam
domains = EXAMPLE
sbus_timeout = 30
[nss]
filter_users = root
filter_groups = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
offline_credentials_expiration = 0
[domain/EXAMPLE]
entry_cache_timeout = 600
entry_cache_group_timeout = 600
min_id = 1000
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_schema = rfc2307bis
ldap_uri = ldap://smba...
2015 May 06
0
ldap host attribute is ignored
...from the /etc/nsswitch.conf. Now it looks
> like this:
Looks good.
> My /etc/openldap/ldap.conf is this:
OK, but that file isn't used for name service or authentication. Mostly
just the openldap tools (ldapsearch, ldapadd, ldapmodify).
> The sssd.conf is this:
...
> [nss]
> filter_groups = root
> filter_users = root
nitpick: those are the defaults. Probably don't need to set them.
> [domain/default]
> ldap_id_use_start_tls = True
> ldap_tls_cacertdir = /etc/ssl/certs
> ldap_tls_reqcert = never
Not sure about that setting. "allow" is probably what y...
2014 Jul 28
0
[sssd] Not seeing Secondary Groups
...figs for that with little success. Any help is greatly appreciated!
Setup Detail
Authentication Server: MS 2008R2
Schema Type: ad
/etc/sssd/sssd.conf
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = example.com
debug_level = 9
enumerate = false
cache_credentials = true
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
[autofs]
ldap_autofs_search_base = CN=automount,dc=example,dc=com
## Domain Configurations
[domain/example.com]
debug_level = 9
id_provider = ldap
access_provider = ldap
auth_provider = krb5
ldap_uri = ldap://ad....
2014 Feb 18
0
sssd + samba4 not working (yet)
.../wiki.samba.org/index.php/Local_user_management_and_authentication/sssd
sssd seems to start fine (no errors in the log and the daemons are
running), but getent passwd and getent groups returns nothing. Below is my
config:
[sssd]
services = nss, pam
config_file_version = 2
domains = default
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
[pam]
[domain/default]
ad_hostname = bubba3-one.earth.local
ad_server = bubba3-one.earth.local
ad_domain = earth.local
ldap_schema = rfc2307bis
id_provider = ldap
access_provider = simple
# on large directories, you may want to disable enumera...
2015 May 05
4
ldap host attribute is ignored
On 05/05/2015 06:47 PM, Gordon Messmer wrote:
> On 05/05/2015 03:02 AM, Ulrich Hiller wrote:
>> /etc/openldap/ldap.conf contains the line:
>> ------------------------------------------
>> pam_check_host_attr yes
>
> /etc/openldap/ldap.conf is the configuration file for openldap clients.
> It is not used for system authentication or name service.
>
>>
2018 Jun 26
1
4.5 -> 4.8 samba fails to start
...= required
server string = %h server
workgroup = MYWORKGR
fruit:nfs_aces = no
idmap config * : backend = tdb
--------------------------------------------
sssd.conf
[sssd]
config_file_version = 2
services = nss, pam
debug_level = 7
domains = YOUR.KERB.REALM
[nss]
filter_groups = root
filter_users = root
debug_level = 7
[pam]
debug_level = 7
[domain/YOUR.KERB.REALM]
debug_level = 7
enumerate = false
# use Unix password files for username validation
id_provider = proxy
proxy_lib_name = files
2013 Feb 21
2
looking for sssd basics and simple config with existing ldap centos 6.3
Hi,
I'm planning to set up a new samba fileserver as a member to an existing
samba 3.x SMB.
The old server is still nss-pam-ldapd configured (historic leftovers).
As I don't have any pressure to have the new server up and running within
the next few hours, I liked to set up sssd with our existing openldap.
After googling and reading some documentation from redhat/fedora I
think I do have a
2015 Feb 23
2
sssd - ldap host attribute ignored
...default
# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/<NAME>] sections, and
# then add the list of domains (in the order you want them to be
# queried) to the "domains" attribute below and uncomment it.
# domains = LDAP
[nss]
filter_groups = root
filter_users = root
[pam]
[domain/default]
ldap_uri = ldap://myldapserver.mydomain
ldap_search_base = o=XXXX
ldap_schema = rfc2307bis
id_provider = ldap
ldap_user_uuid = entryuuid
ldap_group_uuid = entryuuid
ldap_id_use_start_tls = True
enumerate = False
cache_credentials = False
ldap_tls_...
2017 Apr 21
2
samba, sssd, Active Directory, NT_STATUS_NO_LOGON_SERVERS, NT_STATUS_ACCESS_DENIED
...template shell = /bin/bash
template homedir = /var/samba/users/%U
client signing = yes
client use spnego = yes
client ntlmv2 auth = yes
restrict anonymous = 2
load printers = no
sssd.conf
==========================================================================
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
# debug_level = 7
[pam]
reconnection_retries = 3
# debug_level = 7
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam, pac
config_file_version = 2
domains = CORP.CELADONSYSTEMS.COM
debug_level = 7
[dom...
2015 May 07
2
ldap host attribute is ignored
...s:
>
> Looks good.
>
>> My /etc/openldap/ldap.conf is this:
>
> OK, but that file isn't used for name service or authentication. Mostly
> just the openldap tools (ldapsearch, ldapadd, ldapmodify).
>
>> The sssd.conf is this:
> ...
>> [nss]
>> filter_groups = root
>> filter_users = root
>
> nitpick: those are the defaults. Probably don't need to set them.
>
>> [domain/default]
>> ldap_id_use_start_tls = True
>> ldap_tls_cacertdir = /etc/ssl/certs
>> ldap_tls_reqcert = never
>
> Not sure about that s...
2013 Oct 01
1
Should I forget sssd ?
...ial libsemanage1-dev samba4-dev libpam-sss
cyrus-sasl2-heimdal-dbg
-> this installed sssd 1.8.6 with this /etc/sssd/sssd.conf
> [sssd]
> config_file_version = 2
> reconnection_retries = 3
> sbus_timeout = 30
> services = nss, pam
> domains = radiodjiido.nc
>
> [nss]
> filter_groups = root
> filter_users = root
> reconnection_retries = 3
>
> [pam]
> reconnection_retries = 3
>
> [domain/radiodjiido.nc]
> ; Using enumerate = true leads to high load and slow response
> enumerate = false
> cache_credentials = true
>
> id_provider = ldap
> aut...
2018 Jul 20
2
SSSD on CentOS 7 failing to start when connecting to 4.8.3 AD via LDAP
...nal [6]
I get the feeling that the issue is around sudo somehow, but I don't
believe I have sudo enabled in my sssd.
Here's my sssd.conf from the CentOS 7 server:
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = AD.COMPANY.COM
[nss]
filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,mail,uucp,man,games,gopher,video,dip,ftp,lock,audio,nobody,users,floppy,vcsa,utmp,utempter,rpc,cdrom,tape,dialout,rpcuser,nfsnobody,sshd,cgred,screen,saslauth,apache,mailnull,smmsp,mysql
filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,ma...
2015 May 05
6
ldap host attribute is ignored
...default
# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/<NAME>] sections, and
# then add the list of domains (in the order you want them to be
# queried) to the "domains" attribute below and uncomment it.
# domains = LDAP
[nss]
filter_groups = root
filter_users = root
[pam]
[domain/default]
ldap_uri = ldap://myldapserver.mydomain
ldap_search_base = o=XXXX
ldap_schema = rfc2307bis
id_provider = ldap
ldap_user_uuid = entryuuid
ldap_group_uuid = entryuuid
ldap_id_use_start_tls = True
enumerate = False
cache_credentials = False
ldap_tls_...
2019 Apr 30
5
Group Permissions Not Working
...ers = @“DOMAIN\Admin"
[SITES]
comment = ASchool Website Folders
path = /srv/SITES
shadow:basedir = /srv/SITES
wide links = yes
valid users = @“DOMAIN\Group1”
sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = DOMAIN.COM
debug_level = 0x3ff0
#debug_level = 1
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
debug_level = 0x3ff0
#debug_level = 1
[pam]
reconnection_retries = 3
debug_level = 0x3ff0
#debug_level = 1
pam_id_timeout = 10
[domain/DOMAIN.COM]
id_provider = ad
access_provider = ad
debug_level = 0x3ff0
#debug_level = 1
ldap_id_mapping = tr...