[Authentication] realmd erroneously reports "already joined" if /etc/sssd/sssd.conf is pre-present.

Niklas Andersson niklas.andersson at openforce.se
Thu Nov 19 03:51:16 PST 2015


Well,

  I want to add support for sudo in LDAP, for example, and
ignore_group_members, and set some PAM stuff. I have pasted the sssd.conf here below.

Regards,
Niklas

[sssd]
domains = openforce.org
config_file_version = 2
services = nss, pam, ssh, sudo

[ssh]

[sudo]

[pam]
offline_credentials_expiration = 60
pam_pwd_expiration_warning = 14

[nss]

[domain/openforce.org]
id_provider = ad
sudo_provider = ldap
ignore_group_members = true
dyndns_update = false
use_fully_qualified_names = False
lookup_family_order = ipv4_only
cache_credentials = True
fallback_homedir = /home/%u
create_homedir = True
override_shell = /bin/bash
#
# Sudo
#
ldap_uri = ldap://srv11.openforce.org
ldap_sudo_search_base = ou=SUDOers,dc=openforce,dc=org
ldap_default_bind_dn = cn=admin,dc=openforce,dc=org
ldap_default_authtok = secret

Regards,
Niklas

On 19/11/15 12:47, Stephen Gallagher wrote:
>
>> On Nov 19, 2015, at 6:35 AM, Niklas Andersson <niklas.andersson at openforce.se> wrote:
>>
>> Hi,
>>
>> I just ran into an oddity with realmd. It seems that if there already is a preconfigured /etc/sssd/sssd.conf present, realm will erroneously report that the client is already joined to a domain.
>>
>> The thing is that I want to tweak the sssd.conf for our domain before sssd is started, and it seems like I can't do that because:
>>
>> a) If I pre-configure /etc/sssd/sssd.conf, realm won't join.
>>
>> b) If I don't pre-configure, realm automatically generates a default /etc/sssd/sssd.conf and starts the service right after that.
>>
>> Is there some way I can fix this nicely?
>>
> Could you specify what tweaks in particular that you are trying to apply?
>
>
>
>> Best Regards,
>> Niklas Andersson
> _______________________________________________
> Authentication mailing list
> Authentication at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/authentication
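
Added example, not part of the original message and not code from realmd or SSSD: a small Python check over the credential-related settings in the sssd.conf posted above. The sample text is constructed from that config; treating an unset ldap_id_use_start_tls as false and the admin-DN name heuristic are assumptions of this example.

```python
import configparser

# Constructed sample: trimmed from the sssd.conf in the message above.
SAMPLE = """\
[sssd]
domains = openforce.org
services = nss, pam, ssh, sudo

[domain/openforce.org]
id_provider = ad
sudo_provider = ldap
fallback_homedir = /home/%u
ldap_uri = ldap://srv11.openforce.org
ldap_default_bind_dn = cn=admin,dc=openforce,dc=org
ldap_default_authtok = secret
"""

def audit_sssd_conf(text):
    """Return sorted (section, finding) pairs for credential-handling issues."""
    # interpolation=None: values such as /home/%u are not configparser templates
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        sec = cp[name]
        has_tok = "ldap_default_authtok" in sec
        # SSSD treats the token as a plaintext password unless the type says otherwise
        tok_type = sec.get("ldap_default_authtok_type", "password").strip().lower()
        if has_tok and tok_type == "password":
            findings.append((name, "bind password stored in plaintext"))
        # Assumption: DN names starting cn=admin / cn=manager denote a directory admin
        bind_dn = sec.get("ldap_default_bind_dn", "").lower()
        if has_tok and bind_dn.startswith(("cn=admin,", "cn=manager,")):
            findings.append((name, "binds as a directory admin DN; use a read-only account"))
        uris = [u.strip().lower() for u in sec.get("ldap_uri", "").split(",") if u.strip()]
        # Assumption: an unset ldap_id_use_start_tls is treated as false here
        start_tls = sec.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        if has_tok and not start_tls and any(u.startswith("ldap://") for u in uris):
            findings.append((name, "ldap:// without StartTLS; bind may be sent unencrypted"))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit_sssd_conf(SAMPLE):
        print(f"[{section}] {finding}")
```
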


