search for: filter_groups

...s not honoring the password must change and allowing user to login without asking for password change using sssd with current password. Here is the configuration file of sssd service, [sssd] config_file_version = 2 services = nss, pam domains = EXAMPLE sbus_timeout = 30 [nss] filter_users = root filter_groups = root reconnection_retries = 3 [pam] reconnection_retries = 3 offline_credentials_expiration = 0 [domain/EXAMPLE] entry_cache_timeout = 600 entry_cache_group_timeout = 600 min_id = 1000 id_provider = ldap auth_provider = krb5 chpass_provider = krb5 ldap_schema = rfc2307bis ldap_uri = ldap://smba...

...: nisplus automount: files sss aliases: files nisplu My /etc/openldap/ldap.conf is this: TLS_CACERTDIR /etc/openldap/cacerts/ SASL_NOCANON on URI ldap://ldap.mydomain.tld BASE o=XXX The sssd.conf is this: [sssd] config_file_version = 2 services = nss, pam, autofs domains = default [nss] filter_groups = root filter_users = root [pam] [domain/default] ldap_uri = ldap://ldap.mydomain.tld ldap_search_base = o=XXX ldap_schema = rfc2307bis id_provider = ldap ldap_user_uuid = entryuuid ldap_group_uuid = entryuuid ldap_id_use_start_tls = True enumerate = False cache_credentials = False ldap_tls_cacer...

...s not honoring the password must change and allowing user to login without asking for password change using sssd with current password. Here is the configuration file of sssd service, [sssd] config_file_version = 2 services = nss, pam domains = EXAMPLE sbus_timeout = 30 [nss] filter_users = root filter_groups = root reconnection_retries = 3 [pam] reconnection_retries = 3 offline_credentials_expiration = 0 [domain/EXAMPLE] entry_cache_timeout = 600 entry_cache_group_timeout = 600 min_id = 1000 id_provider = ldap auth_provider = krb5 chpass_provider = krb5 ldap_schema = rfc2307bis ldap_uri = ldap://smba...

...from the /etc/nsswitch.conf. Now it looks > like this: Looks good. > My /etc/openldap/ldap.conf is this: OK, but that file isn't used for name service or authentication. Mostly just the openldap tools (ldapsearch, ldapadd, ldapmodify). > The sssd.conf is this: ... > [nss] > filter_groups = root > filter_users = root nitpick: those are the defaults. Probably don't need to set them. > [domain/default] > ldap_id_use_start_tls = True > ldap_tls_cacertdir = /etc/ssl/certs > ldap_tls_reqcert = never Not sure about that setting. "allow" is probably what y...

...figs for that with little success. Any help is greatly appreciated! Setup Detail Authentication Server: MS 2008R2 Schema Type: ad /etc/sssd/sssd.conf [sssd] services = nss, pam, autofs config_file_version = 2 domains = example.com debug_level = 9 enumerate = false cache_credentials = true [nss] filter_groups = root filter_users = root reconnection_retries = 3 [pam] reconnection_retries = 3 [autofs] ldap_autofs_search_base = CN=automount,dc=example,dc=com ## Domain Configurations [domain/example.com] debug_level = 9 id_provider = ldap access_provider = ldap auth_provider = krb5 ldap_uri = ldap://ad....

.../wiki.samba.org/index.php/Local_user_management_and_authentication/sssd sssd seems to start fine (no errors in the log and the daemons are running), but getent passwd and getent groups returns nothing. Below is my config: [sssd] services = nss, pam config_file_version = 2 domains = default [nss] filter_groups = root filter_users = root reconnection_retries = 3 [pam] [domain/default] ad_hostname = bubba3-one.earth.local ad_server = bubba3-one.earth.local ad_domain = earth.local ldap_schema = rfc2307bis id_provider = ldap access_provider = simple # on large directories, you may want to disable enumera...

On 05/05/2015 06:47 PM, Gordon Messmer wrote: > On 05/05/2015 03:02 AM, Ulrich Hiller wrote: >> /etc/openldap/ldap.conf contains the line: >> ------------------------------------------ >> pam_check_host_attr yes > > /etc/openldap/ldap.conf is the configuration file for openldap clients. > It is not used for system authentication or name service. > >>

...= required server string = %h server workgroup = MYWORKGR fruit:nfs_aces = no idmap config * : backend = tdb -------------------------------------------- sssd.conf [sssd] config_file_version = 2 services = nss, pam debug_level = 7 domains = YOUR.KERB.REALM [nss] filter_groups = root filter_users = root debug_level = 7 [pam] debug_level = 7 [domain/YOUR.KERB.REALM] debug_level = 7 enumerate = false # use Unix password files for username validation id_provider = proxy proxy_lib_name = files

Hi, I'm planing to setup a new samba fileserver as a member to an existing samba 3.x SMB. The old server is still nss-pam-ldapd configured (historic left overs). As I dont have any pressure to have the new server up and running within the next few hours, I liked to set up sssd with our existing openldap. After googling and reading some documentations from redhat/fedora I think I do have a

...default # SSSD will not start if you do not configure any domains. # Add new domain configurations as [domain/<NAME>] sections, and # then add the list of domains (in the order you want them to be # queried) to the "domains" attribute below and uncomment it. # domains = LDAP [nss] filter_groups = root filter_users = root [pam] [domain/default] ldap_uri = ldap://myldapserver.mydomain ldap_search_base = o=XXXX ldap_schema = rfc2307bis id_provider = ldap ldap_user_uuid = entryuuid ldap_group_uuid = entryuuid ldap_id_use_start_tls = True enumerate = False cache_credentials = False ldap_tls_...

...template shell = /bin/bash template homedir = /var/samba/users/%U client signing = yes client use spnego = yes client ntlmv2 auth = yes restrict anonymous = 2 load printers = no sssd.conf ========================================================================== [nss] filter_groups = root filter_users = root reconnection_retries = 3 # debug_level = 7 [pam] reconnection_retries = 3 # debug_level = 7 [sssd] config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 services = nss, pam, pac config_file_version = 2 domains = CORP.CELADONSYSTEMS.COM debug_level = 7 [dom...

...s: > > Looks good. > >> My /etc/openldap/ldap.conf is this: > > OK, but that file isn't used for name service or authentication. Mostly > just the openldap tools (ldapsearch, ldapadd, ldapmodify). > >> The sssd.conf is this: > ... >> [nss] >> filter_groups = root >> filter_users = root > > nitpick: those are the defaults. Probably don't need to set them. > >> [domain/default] >> ldap_id_use_start_tls = True >> ldap_tls_cacertdir = /etc/ssl/certs >> ldap_tls_reqcert = never > > Not sure about that s...

...ial libsemanage1-dev samba4-dev libpam-sss cyrus-sasl2-heimdal-dbg -> this installed sssd 1.8.6 with this /etc/sssd/sssd.conf > [sssd] > config_file_version = 2 > reconnection_retries = 3 > sbus_timeout = 30 > services = nss, pam > domains = radiodjiido.nc > > [nss] > filter_groups = root > filter_users = root > reconnection_retries = 3 > > [pam] > reconnection_retries = 3 > > [domain/radiodjiido.nc] > ; Using enumerate = true leads to high load and slow response > enumerate = false > cache_credentials = true > > id_provider = ldap > aut...

...nal [6] I get the feeling that the issue is around sudo somehow, but I don't believe I have sudo enabled in my sssd. Here's my sssd.conf from the CentOS 7 server: [sssd] config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 services = nss, pam domains = AD.COMPANY.COM [nss] filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,mail,uucp,man,games,gopher,video,dip,ftp,lock,audio,nobody,users,floppy,vcsa,utmp,utempter,rpc,cdrom,tape,dialout,rpcuser,nfsnobody,sshd,cgred,screen,saslauth,apache,mailnull,smmsp,mysql filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,ma...

...default # SSSD will not start if you do not configure any domains. # Add new domain configurations as [domain/<NAME>] sections, and # then add the list of domains (in the order you want them to be # queried) to the "domains" attribute below and uncomment it. # domains = LDAP [nss] filter_groups = root filter_users = root [pam] [domain/default] ldap_uri = ldap://myldapserver.mydomain ldap_search_base = o=XXXX ldap_schema = rfc2307bis id_provider = ldap ldap_user_uuid = entryuuid ldap_group_uuid = entryuuid ldap_id_use_start_tls = True enumerate = False cache_credentials = False ldap_tls_...

...ers = @“DOMAIN\Admin" [SITES] comment = ASchool Website Folders path = /srv/SITES shadow:basedir = /srv/SITES wide links = yes valid users = @“DOMAIN\Group1” sssd.conf [sssd] services = nss, pam config_file_version = 2 domains = DOMAIN.COM debug_level = 0x3ff0 #debug_level = 1 [nss] filter_groups = root filter_users = root reconnection_retries = 3 debug_level = 0x3ff0 #debug_level = 1 [pam] reconnection_retries = 3 debug_level = 0x3ff0 #debug_level = 1 pam_id_timeout = 10 [domain/DOMAIN.COM] id_provider = ad access_provider = ad debug_level = 0x3ff0 #debug_level = 1 ldap_id_mapping = tr...