similar to: SSSD and auto.master

I am currently looking at migrating my existing CentOS6 servers over to CentOS7 and am currently testing out my sssd configuration on the new build with some issues. For some reason I am unable to see any secondary groups for my user like I would expect, and the /etc/sssd.conf, /etc/nsswitch and related /etc/pam.d configurations should be the same for both my CentOS6 and 7 servers (Configuration

Hmmm...., i have made now a complete new install but the problem persists: ldap authentication works, but the host attribute is ignored. I have installed CentOS7 64bit with KDE. I did not do any 'yum update' or install of extra packages so far. these pam and ldap packages are installed: openldap-devel-2.4.39-6.el7.x86_64 openssh-ldap-6.6.1p1-11.el7.x86_64 openldap-2.4.39-6.el7.x86_64

Thanks a lot for the explanation. I have confused some things while crawling through the manuals. Now i have removed the 'ldap' from the /etc/nsswitch.conf. Now it looks like this: passwd: files sss shadow: files sss group: files sss hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc:

I am still not understanding why your using MD5? Is it because everyone in InfoSec declared that everyone finally went from md5 to sha512 or what? -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Ulrich Hiller Sent: Monday, May 11, 2015 1:40 PM To: CentOS mailing list Subject: Re: [CentOS] ldap host attribute is ignored one more

Hello, I have set up IPA on a private network and have hit some bumps configuring sudo access for the clients. kinit seems to work fine for both client and server, user and root. When I run sudo on the server I see the following in /var/log/messages: Oct 17 17:53:52 192-168-0-100 [sssd[krb5_child[29237]]]: Decrypt integrity check failed Oct 17 17:53:52 192-168-0-100 [sssd[krb5_child[29237]]]:

Il giorno mer, 15/02/2017 alle 08.42 +0100, L.P.H. van Belle via samba ha scritto: > Have you seen :  > > ( centos/redhat ) > https://outsideit.net/realmd-sssd-ad-authentication/  > > ( debian/ubuntu )  > http://www.alandmoore.com/blog/2015/05/06/joining-debian-8-to-active- > directory/ Thank Luis, Thank Rowland. Yes, I have read this howto, and many others. None show

CentOS Errata and Bugfix Advisory 2016:1407 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-1407.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: ea8bd669e4ddf4b0638663c1e27aa01fbc64be921f6c09f1afd396d830608927 libipa_hbac-1.13.3-22.el6_8.4.i686.rpm

CentOS Errata and Bugfix Advisory 2017:2505 Upstream details at : https://access.redhat.com/errata/RHBA-2017:2505 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: a13401b5a68e93e194fa862f3502ad7c93976151e61df31543612279904316d4 libipa_hbac-1.13.3-57.el6_9.i686.rpm

CentOS Errata and Bugfix Advisory 2018:0510 Upstream details at : https://access.redhat.com/errata/RHBA-2018:0510 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 7e2059795a5bc50e3b70cdb457d4daebc5de5384127e15e96b9185b2ca6cbd9c libipa_hbac-1.13.3-58.el6_9.i686.rpm

CentOS Errata and Bugfix Advisory 2019:0063 Upstream details at : https://access.redhat.com/errata/RHBA-2019:0063 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: b22a1737a4e5697e44b3151c970a3433097410cf34039258b8fcfbfe8d1dc95b libipa_hbac-1.13.3-60.el6_10.2.i686.rpm

CentOS Errata and Bugfix Advisory 2017:0302 Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-0302.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 62c9102db1c4c156a2d187b9e34bcd225b5fb5a581042aff538fa47b853b9456 libipa_hbac-1.13.3-22.el6_8.6.i686.rpm

Presumably the unix servers are sharing network shares via samba but not NFS.      If you aren't using NFS and if regular users don't need to ssh or sftp into the server then winbind is probably sufficient.    My environment has a mix of unix and windows clients and servers so getting uidNumbers and gidNumbers consistent across machines and OS's is critical so winbind alone was

one more thing: firewalld service and selinux are deactivated. On 05/11/2015 07:06 PM, Ulrich Hiller wrote: > Hmmm...., i have made now a complete new install but the problem > persists: ldap authentication works, but the host attribute is ignored. > > I have installed CentOS7 64bit with KDE. > I did not do any 'yum update' or install of extra packages so far. > >

Hi everyone, A couple of weeks ago I wanted to install Samba and sssd on a Debian Wheezy server. The Samba version from the wheezy-backports repo looks and feels fairly well packaged by now and is updated to the upstream version, so in my opinion that's the way to go. As regards sssd, I wanted a version supporting the AD backend (the one in the Wheezy repos doesn't), so I backported it

Hi Jonathan, I think the reason might be this: - You are using "idmap_ldb:use rfc2307" in your Samba config, which means that Samba will use the ID's specified in the unix attributes in your AD (uidNumber, gidNumber). - You are using "ldap_id_mapping = True" in sssd.conf, which means that sssd will map uid and gid from the objectSID attribute. I think if you set

Il giorno mar, 14/02/2017 alle 16.13 +0000, Rowland Penny via samba ha scritto: > Have you modified /etc/nsswitch.conf ? No: > passwd:     files sss > shadow:     files sss > group:      files sss for default nsswitch.conf is configure to use sssd > If you haven't, then you are not using winbind, you are using sssd. Yes. I use sssd, If this is not a problem for samba. >

On 13/10/15 14:19, Guilherme Boing wrote: > Hello, > > I just realized that my second DC does not recognize the users from the AD. > wbinfo -u/-g are working just fine. > > [root at dc1 ~]# id bruno.castro > uid=10004(POL\bruno.castro) gid=100(users) > grupos=100(users),10001(POL\ti),3000009(BUILTIN\users) > > [root at dc2 ~]# id bruno.castro > id: bruno.castro: no

Hi again, Thanks again, Denis, Steve and Rowland for your previous answers about RFC2307 and winbind. Maybe I'm an dreamer but here is that I wanted to achieve : Ubuntu server 12.04.3, samba4 as PDC, several NICS : 1 LAN and 2/3 WANS Use a windows VM (on this server) to control AD through WRAT AD offers me the 'wishdom' of software deployment and GPO, users are can't install

I've been going around in circles with this for days and I'm stuck. I'm trying to run up a new AD environment with only Samba 4.8.3 servers that we'll authenticate user server access against via SSSD/LDAP using a simple bind. All of our servers are either CentOS 6 or 7. I've created a test environment with a single Samba AD 4.8.3 server as the AD server, a Windows 7 client

On 04/06/15 16:58, Roel van Meer wrote: > Hi Jonathan, > > I think the reason might be this: > - You are using "idmap_ldb:use rfc2307" in your Samba config, which > means that Samba will use the ID's specified in the unix attributes in > your AD (uidNumber, gidNumber). > - You are using "ldap_id_mapping = True" in sssd.conf, which means > that