Questions tagged [sssd]

SSSD is a system daemon that provides access to remote identity and authentication resources through a common framework that can provide caching and offline support to the system.

SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms.

It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources as well as a D-Bus interface.

It is also the basis to provide client auditing and policy services for centralised identity management systems such as FreeIPA and Active Directory.

In addition, it provides a more robust database to store local users as well as extended user data.

67 questions

6 votes, 2 answers

Centos 7 ssh login failed using LDAP and sssd

I've set up an LDAP server running on Centos 7. id, getent passwd, on users works. But 'ssh' failed. From /var/log/secure, it seems like authentication succeeded, but pam doesn't like something else. I'm not sure how to narrow down where the…
surfcode

5 votes, 3 answers

Ubuntu 16 - Active Directory - Can ssh - cannot rdp

I've been working on getting a linux server built for our devs that is joined to our Active Directory Server. Using a combination of Realm and SSSD I have SSH working fine with all users, but trying to remote desktop in to xrdp is failing with…
Rick Baker

5 votes, 2 answers

Ubuntu Server 16.04 SSSD Not Loading

I am attempting to authenticate my Ubuntu 16.04 server to an AD but having trouble loading SSSD. My sssd.conf file looks like this: [sssd] services = nss, pam config_file_version = 2 domains = MYDOMAIN.LOCAL id_provider = ad access_provider =…
Elcid_91

3 votes, 1 answer

Grok Patterns for SSSD Logs

I am trying to parse the SSSD daemon logs using Logstash grok patterns for better visibility. Log samples: (Mon Nov 9 12:08:56 2020) [sssd[nss]] [client_recv] (0x0200): Client disconnected! (Mon Nov 9 12:08:56 2020) [sssd[nss]] [client_close_fn]…
Ajinkya

3 votes, 1 answer

SSSD Integration with Microsoft AD for SSH Key based Login

I have configured SSSD on a Linux machine which is connected to a Microsoft AD Forest using Realm. My end goal is to log in to a CentOS machine using the SSH keys stored in Microsoft AD. Below are the setup details: EC2 Windows for Microsoft AD EC2…
Ajinkya

3 votes, 1 answer

How do we use encoded value in playbook and decode it whenever needed in ansible playbook?

I am trying to use the ansible-pull method for running a playbook with extra vars at run time of the playbook. Here is how I need to run my playbook with vars: ansible-playbook decode.yml --extra-vars "host_name=xxxxxxx …
Santosh Garole

3 votes, 2 answers

sssd Error: Could not start TLS encryption. (unknown error code)

I am trying to configure Linux machine authentication with Google secure LDAP, adding the steps below that I have done. Added the LDAP client with below permission: Access permission: Entire Domain Read user information: Entire Domain Read group…
Ashwani

3 votes, 1 answer

SSSD and sudo: mismatch between sudoHost and server hostname

I'm running SSSD/LDAP on CentOS6 to authenticate users and I've configured it also to get SUDO information from the LDAP server. If I run hostname on my server I get: [root@myserver ~]# hostname myserver I configured sssd.conf with a search base,…
ma_stack

2 votes, 1 answer

Linux AD user can use only its Primary group?

Recently we have bound our Linux server to an AD domain. We are now able to do simple operations, as follows: Login to our Linux server with AD accounts (also via SSH) List and recognize our AD groups with the id command Create files, taking…
Idan Tank

2 votes, 1 answer

Multiple domains/one Forest RHEL7 with SSSD and REALMD - cannot login to another domain

I have searched on stackoverflow but did not find a solution. I have two domains in one forest (domain1 and domain2). I can login with ssh using domain1 and cannot login with domain2. I can kinit a ticket from domain2. Here are some…
ultimo_frogman

2 votes, 1 answer

What is the reason for a Kerberos keytab file when setting up SSH authentication on a server?

I haven't really had much experience with Kerberos but I am trying to set up SSH authentication with AD on one of my servers using sssd. I have followed the instructions on the sssd documentation here and got it working but I am struggling to…
Simon D

2 votes, 0 answers

PAM auth doesn't look at the shadow attributes in LDAP

I have an sssd setup to authenticate against an LDAP server. I would like to use shadow attributes so that if it's in the past or set to 0 it won't let the user authenticate. It lets the user authenticate as long as the password is correct,…
ed1t

1 vote, 1 answer

Ubuntu client set up with Google secure LDAPS (sssd)

Largely followed the instructions in https://support.google.com/a/answer/9089736 (SSSD (other linux distributions)) on how to set up google secure LDAP on an ubuntu client. My sssd.conf config is as follows: [sssd] debug_level = 7 domains =…

1 vote, 1 answer

Not able to run sssd + AD domain controllers with different FQDN

I have below sssd + ad setup for ssh management. AD Domain - ad.example.net AD DC 1 hostname - dc1.example.net AD DC 2 hostname - dc2.example.net Linux (Centos) Server hostnames - server.int.example.com -> this I can not change as…
Parvez Kazi

1 vote, 0 answers

ubuntu 18.04 sssd not creating keytab file but works fine in 20.04

Trying to bind a ubuntu 18.04 (because of compatibility issues with another app, need to use this specific version) I use a mod script: #!/bin/bash apt install -y realmd sssd oddjob oddjob-mkhomedir adcli samba-common realm leave realm discover…
okwaho