search for: krb5_server

...c/sssd/sssd.conf [sssd] services = nss, pam config_file_version = 2 domains = default [nss] [pam] [domain/default] access_provider = simple #simple_allow_users = myuser enumerate = false cache_credentials = True id_provider = ldap auth_provider = krb5 chpass_provider = krb5 krb5_realm = HH3.SITE krb5_server = hh16.hh3.site krb5_kpasswd = hh16.hh3.site ldap_uri = ldap://hh16.hh3.site/ ldap_search_base = dc=hh3,dc=site ldap_tls_cacertdir = /usr/local/samba/private/tls ldap_id_use_start_tls = False ldap_default_bind_dn = cn=lynn2,cn=Users,dc=hh3,dc=site ldap_default_authtok = xx ldap_default_authtok_type...

...eferrals = false ldap_force_upper_case_realm = true # on large directories, you may want to disable enumeration for performance reasons # enumerate = true auth_provider = krb5 chpass_provider = krb5 ldap_sasl_mech = gssapi ldap_sasl_authid = EPO$@SAMBA.COMPANY.COM krb5_realm = SAMBA.COMPANY.COM #krb5_server = dc2.samba.company.com, dc3.samba.company.com krb5_server = x.y.143.15, x.y.143.16 #krb5_kpasswd = dc2.samba.company.com, dc3.samba.company.com krb5_kpasswd = x.y.143.15, x.y.143.16 ldap_krb5_keytab = /etc/krb5.sssd.keytab ldap_krb5_init_creds = true ldap_uri = ldap://x.y.143.15, ldap://x.y.143.1...

...= 0 [domain/EXAMPLE] entry_cache_timeout = 600 entry_cache_group_timeout = 600 min_id = 1000 id_provider = ldap auth_provider = krb5 chpass_provider = krb5 ldap_schema = rfc2307bis ldap_uri = ldap://smbad.intra.example.com:390/ ldap_search_base = dc=intra,dc=example,dc=com cache_credentials = true krb5_server = smbad.intra.example.com:8880 krb5_realm= INTRA.EXAMPLE.COM ldap_default_bind_dn = cn=admin,dc=intra,dc=example,dc=com ldap_default_authtok_type = password ldap_default_authtok = 6pNEn7Eo3zmz9MxciGLx 4. I have also tried to achieve above thing using command line tool "pdbedit" but wit...

...c/krb5.keytab. /etc/sssd/sssd.conf is set to: [sssd] services = nss, pam, autofs domains = ADA.DE <http://ada.de/> debug_level = 0x0270 [domain/ADA.DE <http://ada.de/>] enumerate = true cache_credentials = True krb5_realm = ADA.DE <http://ada.de/> ldap_search_base = dc=ada,dc=de krb5_server = ad01.ada.de, ad02.ada.de id_provider = ad auth_provider = ad ldap_uri = ldap://ad01.ada.de:389/, ldap://ad02.ada.de:389/ ldap_id_use_start_tls = True ldap_tls_cacertdir = /etc/openldap/cacerts debug_level = 0x0270 [nss] homedir_substring = /home debug_level = 0x0270 [pam] debug_level = 0x0270...

...djiido.nc > ad_server = serveur.radiodjiido.nc > ad_domain = radiodjiido.nc > ldap_schema = ad > id_provider = ad > access_provider = simple > enumerate = true > cache_credentials = true > auth_provider = krb5 > chpass_provider = krb5 > krb5_realm = RADIODJIIDO.NC > krb5_server = serveur.radiodjiido.nc > krb5_kpasswd = serveur.radiodjiido.nc > #next line only lists users with uidNumber/gidNumber entered via ldbedit > ldap_id_mapping = false > ldap_referrals = false > ldap_uri = ldap://serveur.radiodjiido.nc > ldap_search_base = dc=radiodjiido,dc=nc >...

...= 0 [domain/EXAMPLE] entry_cache_timeout = 600 entry_cache_group_timeout = 600 min_id = 1000 id_provider = ldap auth_provider = krb5 chpass_provider = krb5 ldap_schema = rfc2307bis ldap_uri = ldap://smbad.intra.example.com:390/ ldap_search_base = dc=intra,dc=example,dc=com cache_credentials = true krb5_server = smbad.intra.example.com:8880 krb5_realm= INTRA.EXAMPLE.COM <http://intra.example.com/> ldap_default_bind_dn = cn=admin,dc=intra,dc=example,dc=com ldap_default_authtok_type = password ldap_default_authtok = 6pNEn7Eo3zmz9MxciGLx 4. I have also tried to achieve above thing using command li...

...earch_base = DC=EXAMPLE,DC=COM?subtree?&(objectclass=group)(gidnumber=*) ldap_group_objectsid = objectSid ldap_group_member = member ldap_group_object_class = group ldap_group_uuid = objectGUID ldap_group_nesting_level = 0 krb5_auth_timeout = 5 krb5_renew_interval = 60 krb5_realm = EXAMPLE.COM krb5_server = ad.example.com ldap_krb5_init_creds = true /etc/nsswitch passwd: files sss shadow: files sss group: files sss initgroups: files sss hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc:...

...# access_provider = ldap # ldap_access_order = expire # ldap_account_expire_policy = ad # Enumeration is discouraged for performance reasons. # enumerate = true auth_provider = krb5 chpass_provider = krb5 ldap_sasl_mech = gssapi ldap_sasl_authid = dc01$@AUTH.DOMAIN.COM krb5_realm = AUTH.DOMAIN.COM krb5_server = dc01.auth.domain.com krb5_kpasswd = dc01.auth.domain.com ldap_krb5_keytab = /etc/krb5.sssd.keytab ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_shell = loginShell ldap_group_object_class...

...ema = rfc2307bis id_provider = ldap access_provider = simple # on large directories, you may want to disable enumeration for performance reasons enumerate = true auth_provider = krb5 chpass_provider = krb5 ldap_sasl_mech = gssapi ldap_sasl_authid = bubba3-one$@EARTH.LOCAL krb5_realm = EARTH.LOCAL krb5_server = bubba3-one.earth.local krb5_kpasswd = bubba3-one.earth.local ldap_krb5_keytab = /etc/krb5.sssd.keytab ldap_krb5_init_creds = true ldap_referrals = false ldap_uri = ldap://bubba3-one.earth.local ldap_search_base = dc=earth,dc=local dyndns_update=false ldap_id_mapping=false ldap_user_object_cla...

Samba4 beta6. CentOS 6.3. I have a CentOS client, using sssd, bound to a samba4 domain. The sssd configuration uses GSSAPI to bind to the directory. In both scenarios below, kerberos is fine, DNS is fine, I can use ldapsearch and bind to the directory with GSSAPI just fine, etc. If I have just one DC, everything works perfectly well for weeks on end. If I have two or more DC's,

...sd] > services = nss, pam, autofs > domains = ADA.DE <http://ada.de/> > debug_level = 0x0270 > > [domain/ADA.DE <http://ada.de/>] > enumerate = true > cache_credentials = True > krb5_realm = ADA.DE <http://ada.de/> > ldap_search_base = dc=ada,dc=de > krb5_server = ad01.ada.de, ad02.ada.de > id_provider = ad > auth_provider = ad > ldap_uri = ldap://ad01.ada.de:389/, ldap://ad02.ada.de:389/ > ldap_id_use_start_tls = True > ldap_tls_cacertdir = /etc/openldap/cacerts > debug_level = 0x0270 > > [nss] > homedir_substring = /home >...

...vider = ipa ipa_server = _srv_, 192-168-0-100.local dns_discovery_domain = 192-168-0-100.local sudo_provider = ldap ldap_uri = ldap://192-168-0-100.local ldap_sudo_search_base = ou=sudoers,dc=local ldap_sasl_mech = GSSAPI ldap_sasl_authid = host/192-168-0-100.local at LOCAL ldap_sasl_realm = local krb5_server = 192-168-0-100.local [sssd] services = nss, pam, ssh, sudo config_file_version = 2 domains = 192-168-0-100.local [nss] [pam] [sudo] [autofs] [ssh] [pac] ## /etc/nsswitch.conf on client # # An example Name Service Switch config file. This file should be # sorted with the most-used service...

...# access_provider = ldap # ldap_access_order = expire # ldap_account_expire_policy = ad # Enumeration is discouraged for performance reasons. # enumerate = true auth_provider = krb5 chpass_provider = krb5 ldap_sasl_mech = gssapi ldap_sasl_authid = dc01$@AUTH.DOMAIN.COM krb5_realm = AUTH.DOMAIN.COM krb5_server = dc01.auth.domain.com krb5_kpasswd = dc01.auth.domain.com ldap_krb5_keytab = /etc/krb5.sssd.keytab ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_shell = loginShell ldap_group_object_class...

...t; domains = ADA.DE <http://ada.de/> > > debug_level = 0x0270 > > > > [domain/ADA.DE <http://ada.de/>] > > enumerate = true > > cache_credentials = True > > krb5_realm = ADA.DE <http://ada.de/> > > ldap_search_base = dc=ada,dc=de > > krb5_server = ad01.ada.de, ad02.ada.de > > id_provider = ad > > auth_provider = ad > > ldap_uri = ldap://ad01.ada.de:389/, ldap://ad02.ada.de:389/ > > ldap_id_use_start_tls = True > > ldap_tls_cacertdir = /etc/openldap/cacerts > > debug_level = 0x0270 > > > > [ns...

...# access_provider = ldap # ldap_access_order = expire # ldap_account_expire_policy = ad # Enumeration is discouraged for performance reasons. # enumerate = true auth_provider = krb5 chpass_provider = krb5 ldap_sasl_mech = gssapi ldap_sasl_authid = dc01$@AUTH.DOMAIN.COM krb5_realm = AUTH.DOMAIN.COM krb5_server = dc01.auth.domain.com krb5_kpasswd = dc01.auth.domain.com ldap_krb5_keytab = /etc/krb5.sssd.keytab ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_shell = loginShell ldap_group_object_class...

>> But instead i get >> centos: sshd[7929]: pam_unix(sshd:session): session opened for user >> <username> > > "pam_unix" should be an indication that <username> appears in the local > unix password files. Make sure that it doesn't. Nope. None of the usernames i tried is in /etc/passwd or /etc/shadow > > What do /etc/pam.d/sshd and