Questions tagged [sssd]

SSSD (System Security Services Daemon) provides an NSS and PAM interface to remote authenticators such as LDAP, Kerberos, and FreeIPA.

1 vote
0 answers
18 views

setting up sssd in suse

I am setting up FreeIPA on SUSE. I have one server and one client. I installed slapd on the server with these configs: include /etc/openldap/schema/core.schema include /etc/openldap/...
Ariaeimehr's user avatar
5 votes
1 answer
207 views

'sudo su' Permission Denied, but relogging fixes it

I am having an issue that is only present since about April after updating packages. When I am accessing servers and use sudo su or sudo -s to access root and enter my password, I'll get: sudo: PAM ...
JCrowder's user avatar
1 vote
0 answers
1k views

Bursts of errors "Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client (...) not found in Kerberos database."

I have set up some RHEL9 servers to authenticate through the AD for the domain EXAMPLE.XYZ; this is done via Ansible playbooks, and so far all works well. (It's the same setup as this previous ...
dr_'s user avatar
  • 32.4k
0 votes
1 answer
146 views

What is changing /etc/sssd/sssd.conf?

I have an Ansible playbook that writes to /etc/sssd/sssd.conf this Jinja template (variables are defined somewhere else): # This line is just to check that the file is written correctly [sssd] ...
dr_'s user avatar
  • 32.4k
0 votes
0 answers
93 views

NetworkManager and /etc/nsswitch.conf

I'm looking to use SSSD to connect to Wifi WPA2 Enterprise (on Ubuntu 22.04). Can nmcli (NetworkManager) use /etc/nsswitch.conf to authenticate to Wifi without user action for on-site mode ? Thanks ...
kto's user avatar
  • 1
0 votes
1 answer
625 views

Auto-unlocking gnome-keyring does not work when using pam_sss

The Gnome Keyrings "Login" and "Default" are not unlocked automatically on my Linux Mint 22 machine. This is an LDAP user account and login goes through pam_sss.so (SSSD). The ...
Fritz's user avatar
  • 748
1 vote
0 answers
77 views

OpenLDAP ppolicy and pwdGraceUseTime: How many grace logins are needed to change the password?

For a test, I created a testing password policy for OpenLDAP 2.4, and when a user with an expired password logs in, they get a message like: Your password has expired. You have 2 grace login(s) ...
U. Windl's user avatar
  • 1,771
1 vote
1 answer
892 views

Error when installing openssl-devel [sss_cache] DB version too old

I am building a RHEL8 instance and when installing openssl-devel and python36-devel I get the error [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.23], expected [0.24] for ...
Regulator's user avatar
2 votes
1 answer
378 views

KRB5 authentication using sssd only checks first domain

I am using both Red Hat and Ubuntu, but I'll start with Ubuntu (18.04.6). I want to authenticate with two KRB5 realms (not joined to AD); I'll call them REALM1 and REALM2. Some users are in REALM1, ...
eng3's user avatar
  • 330
0 votes
1 answer
86 views

Startup/Mounting fails because "No free loop devices"

When I switched on my laptop, I suddenly could not log in anymore. Everything was working fine until then, I was not messing with any settings. When I enter my password on the (gnome) login screen, ...
ga325's user avatar
  • 31
2 votes
1 answer
701 views

SSSD-AD allowing sshd login without password nor key

When trying to get an Ubuntu 22 joined to our AD domain via SSSD, I have encountered an odd situation where any AD user can login to the system without any password prompt and no ssh-key setup on the ...
Alex's user avatar
  • 85
-2 votes
1 answer
516 views

LDAP: What is the most suitable solution for remote home directories today? [closed]

I have created an LDAP (OpenLDAP and LAM) server with a structure, I solved the remote configuration of using sudo. I configured the client stations (will be exclusively Linux Ubuntu) to use LDAP with ...
Mato's user avatar
  • 609
1 vote
0 answers
131 views

How it is expected to make domain-joined linux computers connect Wi-Fi 802.1x with computer authentication?

I have an Active Directory domain with Windows computers: when I join computer to AD, it gets computer account (computername$) and 802.1x group policy which says Connect to SSID mySSID validate AAA ...
filimonic's user avatar
  • 141
0 votes
1 answer
3k views

"no such user" - LDAP authentication with sssd

I am struggling with making sssd use LDAP users to login on my Linux-Server (Oracle Linux 8.9, basically identical to RHEL, but free). Goal Using the users (e.g. "John") existing on the LDAP-...
mikro_do's user avatar
0 votes
1 answer
327 views

Understanding risks of setting nscd positive-time-to-live to a longer duration

as I mentioned in another thread, I have an LDAP system supporting two dozen Linux servers. When LDAP server is down for various reasons (firewall rule changes, power outage etc), my rest of the ...
FangQ's user avatar
  • 133
