Displaying 20 results from an estimated 10000 matches similar to: "SSSD and cache persistence"
2018 Aug 07
0
SSSD and cache persistence
> If the cache is invalid SSS will, obviously, go back to the source and
> return the information there, however, bizarrely, if the original
> source doesn't have the information (like when a user is deleted) the
> cached information is still returned. That cached information is
> retained for ever it seems so my supposedly deleted user accounts still
> appear to be active on
2015 May 05
4
ldap host attribute is ignored
On 05/05/2015 06:47 PM, Gordon Messmer wrote:
> On 05/05/2015 03:02 AM, Ulrich Hiller wrote:
>> /etc/openldap/ldap.conf contains the line:
>> ------------------------------------------
>> pam_check_host_attr yes
>
> /etc/openldap/ldap.conf is the configuration file for openldap clients.
> It is not used for system authentication or name service.
>
>>
2015 May 11
3
ldap host attribute is ignored
On 05/09/2015 01:24 PM, Jonathan Billings wrote:
> Is it normal to have pam_unix and pam_sss twice for each section?
No. See my previous message. I think it's the result of copying
portions of SuSE configurations.
2015 May 11
2
ldap host attribute is ignored
one more thing: firewalld service and selinux are deactivated.
On 05/11/2015 07:06 PM, Ulrich Hiller wrote:
> Hmmm...., I have made now a complete new install but the problem
> persists: ldap authentication works, but the host attribute is ignored.
>
> I have installed CentOS7 64bit with KDE.
> I did not do any 'yum update' or install of extra packages so far.
>
>
2018 Aug 07
0
SSSD and cache persistence
On 08/06/2018 03:16 AM, Pete Biggs wrote:
> If the cache is invalid SSS will, obviously, go back to the source and
> return the information there, however, bizarrely, if the original
> source doesn't have the information (like when a user is deleted) the
> cached information is still returned. That cached information is
> retained for ever it seems so my supposedly deleted user
2013 Apr 14
1
sssd getent problem with Samba 4.0
Version 4.0.6-GIT-4bebda4
Hi
I have sssd up and running. It works fine except that getent only
returns domain users if I specify the object e.g.
getent passwd
and
getent group
return only local users
but
getent passwd steve2
steve2:*:3000034:20513:steve2:/home/users/steve2:/bin/bash
and
getent group Domain\ Users
Domain Users:*:20513:
work fine.
/etc/nsswitch.conf
passwd: compat sss
group:
2015 May 06
2
ldap host attribute is ignored
Thanks a lot for the explanation. I have confused some things while
crawling through the manuals.
Now I have removed the 'ldap' from the /etc/nsswitch.conf. Now it looks
like this:
passwd: files sss
shadow: files sss
group: files sss
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc:
2017 Feb 14
3
Samba AD domain member with SSSD: ACL not work
On a CentOS 7 minimal fresh install and samba 4.4.4 I have followed this
howto:
http://www.hexblot.com/blog/centos-7-active-directory-and-samba
and I have joined an Active Directory server and logged in to it with a
domain user without problem.
My problem occurs when I try from Windows to modify some new rights
(ACLs) on a new folder on the samba share.
The folder is created correctly but if I add
2015 Feb 23
2
sssd - ldap host attribute ignored
Dear all,
I have a problem with sssd in conjunction with ldap on a centos 7 x86_64
box.
ldap works fine. I can log in there as a usual user registered in ldap.
I now want to restrict the access with ldap's host attribute. This is
being ignored. Still every ldap user can log in, no matter what the host
attribute says.
I googled around and only found that sssd.conf needs two lines:
access_provider
2013 Feb 21
2
looking for sssd basics and simple config with existing ldap centos 6.3
Hi,
I'm planning to set up a new samba fileserver as a member to an existing
samba 3.x SMB.
The old server is still nss-pam-ldapd configured (historic leftovers).
As I don't have any pressure to have the new server up and running within
the next few hours, I liked to set up sssd with our existing openldap.
After googling and reading some documentations from redhat/fedora I
think I do have a
2013 Oct 01
1
Should I forget sssd ?
Hi again,
Thanks again, Denis, Steve and Rowland for your previous answers about
RFC2307 and winbind.
Maybe I'm a dreamer but here is what I wanted to achieve:
Ubuntu server 12.04.3, samba4 as PDC, several NICS : 1 LAN and 2/3 WANS
Use a windows VM (on this server) to control AD through WRAT
AD offers me the 'wishdom' of software deployment and GPO, users are
can't install
2016 Jun 23
3
sssd.conf file missing
Hello --
I made the suggested changes to the sssd.conf file, and the results are the same.
Just to make sure my syntax is correct:
The following section was added to the end of the file:
[sssd]
debug_level = 4
config_file_version = 2
domains = company/company.org
-----Original Message-----
From: l at avc.su [mailto:l at avc.su]
Sent: Thursday, June 23, 2016 9:08 AM
To: Kaplan, Andrew H.;
2016 Jun 23
2
sssd.conf file missing
Hello --
Thank you for your e-mail. I corrected the syntax in the file, and I have confirmed the permissions are correct:
-rw-------. 1 root root 266 Jun 23 08:45 sssd.conf
Unfortunately, the error condition and messages listed in my initial e-mail are still present.
From: l at avc.su [mailto:l at avc.su]
Sent: Thursday, June 23, 2016 8:34 AM
To: CentOS mailing list; Kaplan, Andrew H.
2015 May 05
6
ldap host attribute is ignored
Dear list members,
I have installed a CentOS 7 x86_64 system. I want to let users
authenticate over our ldap server. This seems to be working.
ldap-username and ldap-passwords are accepted for the users configured
in the ldap server. No problem.
Now I want to restrict the access to users who have my centos-machine in
their ldap host attribute.
My problem is, that this host attribute seems to be
2016 Apr 11
5
Slow authentication on C7
Recently I've migrated our SVN server (virtual machine) from C6 to C7
(more precisely - migrated data to a freshly installed virtual machine).
And we have a problem with very slow authentication. Server is configured
with SSSD, user data are fetched from our LDAP server. SVN is
configured with apache (pwauth for authentication + LDAP search for
Require ldap-group).
It takes pwauth even 10
2018 Apr 29
4
Using samba AD in mixed OS environment
So, so..
Server and clients are CentOS7.
Server was configured using samba-tool domain provision.
*smb.conf* from server
[global]
> netbios name = AD
> realm = XXXXXX
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
> workgroup =
2020 Oct 05
2
Samba SSSD authentication via userPrincipalName does not work because samba claims that the username does not exist.
Dear all,
I'm investigating the issue that I can't authenticate against a Samba (as Active-Directory Member) using the userPrincipalName (UPN). (Using Samba and sAMAccountName works fine.)
After some research I'm quite sure that winbind is limited to the sAMAccountName and can't use UPN. So I decided to use SSSD and configured the `ldap_user_name = userPrincipalName` in the
2019 Jun 12
2
Samba + sssd deployment: success and failure
On 6/12/19 7:00 AM, Rowland penny wrote:
> How are you actually running samba ?
I *think* setting
security = user
server role = auto
makes Samba run as a standalone server, which is fine, because
authentication is handled via /etc/nsswitch.conf:
passwd: compat systemd sss
group: compat systemd sss
shadow:
2015 Jun 04
2
sssd on DC for fileserver
Thanks Rowland.
'getent passwd mydomainuser' does return the correct (new, sssd) UID
e.g. 1514701182
In my /etc/nsswitch.conf I have:
passwd: files sss
group: files sss
The problem is that when I create a file from a client machine into a
samba share on this server, e.g. creating the file
\\servername\sharename\newfile.txt, this new file is not owned by UID
1514701182, but
2014 Aug 29
1
C7: need authconfig against LDAP
Hi all,
On a C6 box, when I want to enable LDAP authentication, I issue:
# yum -y install nss-pam-ldapd pam_ldap nscd
# authconfig --enableldap --enableldapauth --enablemkhomedir \
--ldapserver=ldap://ldap-blabla/ \
--ldapbasedn="blabla" \
--enablecache --disablefingerprint \
--kickstart --update
All is working fine, the directory structure is fine and compliant.