Displaying 20 results from an estimated 7000 matches similar to: "ldap host attribute is ignored"
2015 May 05
4
ldap host attribute is ignored
On 05/05/2015 06:47 PM, Gordon Messmer wrote:
> On 05/05/2015 03:02 AM, Ulrich Hiller wrote:
>> /etc/openldap/ldap.conf contains the line:
>> ------------------------------------------
>> pam_check_host_attr yes
>
> /etc/openldap/ldap.conf is the configuration file for openldap clients.
> It is not used for system authentication or name service.
>
>>
2015 May 11
2
ldap host attribute is ignored
one more thing: firewalld service and selinux are deactivated.
On 05/11/2015 07:06 PM, Ulrich Hiller wrote:
> Hmmm...., i have made now a complete new install but the problem
> persists: ldap authentication works, but the host attribute is ignored.
>
> I have installed CentOS7 64bit with KDE.
> I did not do any 'yum update' or install of extra packages so far.
>
>
2015 May 06
2
ldap host attribute is ignored
Thanks a lot for the explanation. I have confused some things while
crawling through the manuals.
Now i have removed the 'ldap' from the /etc/nsswitch.conf. Now it looks
like this:
passwd: files sss
shadow: files sss
group: files sss
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc:
2015 Feb 23
2
sssd - ldap host attribute ignored
Dear all,
i have a problem with sssd in conjunction with ldap on a centos 7 x86_64
box.
ldap works fine. I can login there as an usual user registred in ldap.
I want now restrict the access with ldap's host attribute. This is
beeing ignored. Still every ldap user can login, no matter what the host
attribute says.
I googled around and only found that sssd.conf need two lines:
access_provider
2015 May 12
3
ldap host attribute is ignored
On 05/12/2015 06:25 AM, Ulrich Hiller wrote:
>
> i have set logging in sssd to 9:
7 might be good enough for what you want to find. I added this to
domain/default section:
access_provider = ldap
ldap_access_order = host
ldap_user_authorized_host = host
debug_level = 7
/var/log/sssd/sssd_default.log logged the following for one user which
had no "host" attribute, and was
2015 May 11
3
ldap host attribute is ignored
On 05/09/2015 01:24 PM, Jonathan Billings wrote:
> Is it normal to have pam_unix and pam_sss twice for each each section?
No. See my previous message. I think it's the result of copying
portions of SuSE configurations.
2015 May 12
2
ldap host attribute is ignored
Ulrich Hiller wrote:
> that's intersting. "performing access check" is really missing.
>
> also the "sdap_access" lines are not there. Therefore i do have:
>
> (Tue May 12 13:16:20 2015) [sssd[be[default]]] [dp_get_options]
> (0x0400): Option ldap_access_filter has no value
> (Tue May 12 13:16:20 2015) [sssd[be[default]]] [dp_get_options]
> (0x0400):
2015 May 08
4
ldap host attribute is ignored
>> But instead i get
>> centos: sshd[7929]: pam_unix(sshd:session): session opened for user
>> <username>
>
> "pam_unix" should be an indication that <username> appears in the local
> unix password files. Make sure that it doesn't.
Nope. None of the usernames i tried is in /etc/passwd or /etc/shadow
>
> What do /etc/pam.d/sshd and
2015 May 12
1
ldap host attribute is ignored
Ulrich Hiller wrote:
> i thought this too.
> I think this:
>
> access_provider = ldap
> ldap_access_filter = memberOf=host=does-not-exist-host
> ldap_access_order = filter
> ldap_user_authorized_host = host
>
> must confuse sssd so much that it denies login. But the user without
> host attribute can still login.
>
Wait - are you saying that it didn't deny, but
2015 May 11
0
ldap host attribute is ignored
I am still not understanding why your using MD5? Is it because everyone in InfoSec declared that everyone finally went from md5 to sha512 or what?
-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Ulrich Hiller
Sent: Monday, May 11, 2015 1:40 PM
To: CentOS mailing list
Subject: Re: [CentOS] ldap host attribute is ignored
one more
2015 May 05
2
ldap host attribute is ignored
unfortunately i got a syntax error with this method "ldap_access_filter
= host='HOSTNAME' " and sssd did not restart.
i added the line
ldap_user_authorized_host = host
without success
I have to admit that i do not have any idea where to look for the problem:
- is it sssd? I have the version 1.12.2
- is it pam (something in /etc/pam.d)
- is is ldap (etc/ldap.conf)?
- is it
2015 May 11
0
ldap host attribute is ignored
Hmmm...., i have made now a complete new install but the problem
persists: ldap authentication works, but the host attribute is ignored.
I have installed CentOS7 64bit with KDE.
I did not do any 'yum update' or install of extra packages so far.
these pam and ldap packages are installed:
openldap-devel-2.4.39-6.el7.x86_64
openssh-ldap-6.6.1p1-11.el7.x86_64
openldap-2.4.39-6.el7.x86_64
2015 May 07
2
ldap host attribute is ignored
Thanks a lot for looking over the config.
I am at the topic "user data is available"
id <username>
and
getent passwd
and
ldapsearch -x -b "ou=XXX,o=YYY" uid=<username>
give the correct results
ldapsearch gives also the correct host attribute i have set in the ldap
server.
Regarding the manpage of sssd.conf the lines
access_provider = ldap
ldap_access_order =
2013 Apr 14
1
sssd getent problem with Samba 4.0
Version 4.0.6-GIT-4bebda4
Hi
I have sssd up and running. It works fine except that getent only
returns domain users if I specify the object e.g.
getent passwd
and
getent group
return only local users
but
getent passwd steve2
steve2:*:3000034:20513:steve2:/home/users/steve2:/bin/bash
and
getent group Domain\ Users
Domain Users:*:20513:
work fine.
/etc/nsswitch.conf
passwd: compat sss
group:
2015 May 05
0
ldap host attribute is ignored
On 05/05/2015 03:02 AM, Ulrich Hiller wrote:
> /etc/openldap/ldap.conf contains the line:
> ------------------------------------------
> pam_check_host_attr yes
/etc/openldap/ldap.conf is the configuration file for openldap clients.
It is not used for system authentication or name service.
> 'pam_check_host_attr yes' is in /etc/openldap/ldap.conf. /etc/ldap.conf
>
2024 Nov 29
2
pam_winbind Appears to need a Network Connection to Succeed at Offline Authentication
Mandi! John R. Graham via samba
In chel di` si favelave...
> When I put winbindd in offline mode,
RFC2307? A known bug:
https://bugzilla.samba.org/show_bug.cgi?id=15405
--
2014 Jul 23
1
sssd problems after dc1 is no longer online
Hi all,
I hope that this request for help will be the last one, for a while to
come. Today, sernet support helped my sort out our DC mess, and they did
a great job. However, sssd no longer works, and I hope someone here can
help out.
We used to have DC1, DC2 and DC3. DC1 was the classic-upgraded, first,
'original' DC, and had to be shutdown, unfortunately. So only DC2 and
DC3
2015 May 11
3
ldap host attribute is ignored
On 05/11/2015 10:06 AM, Ulrich Hiller wrote:
> Hmmm...., i have made now a complete new install but the problem
> persists: ldap authentication works, but the host attribute is ignored.
Hate to say that we're running out of options. I had a CentOS 7 system
similar to yours, with LDAP authentication. I added three lines to
sssd.conf (for access provider, etc), restarted sssd, and
2018 Sep 30
2
getent not showing domain users and groups with winbind but works with sssd
Hi folks,
AD server CentOS 7-1804, Samba 4.9.1 compiled from source, only used as
AD server, with netlogon and sysvol, just like any Windows AD server
AD member server CentOS 7-1804, Samba 4.7.1 installed from CentOS
repositories, intended for use as a file server, with shares for roaming
profiles, home directories, and data shares.
I know that the getent problem has been discussed ad
2016 Sep 02
3
Samba4 and sssd authentication not working due "Transport encryption required."
Hi Experts
I have setup samba4 version "samba-4.4.5" , Windows Authentication working
fine.
however sssd authentication not working, Same setup work with older version
of samba4 , so i guess bellow requirement has been added new, but I dont
understand what shall i do to make sssd work .
bellow log i am getting from sssd log
[simple_bind_done] (3): Bind result: Strong(er)