[Authentication] realmd erroneously reports "already joined" if /etc/sssd/sssd.conf is pre-present.
Stef Walter
stefw at gnome.org
Thu Nov 19 04:09:50 PST 2015
On 19.11.2015 13:06, Stephen Gallagher wrote:
>
>
>> On Nov 19, 2015, at 7:01 AM, Stef Walter <stefw at gnome.org> wrote:
>>
>>> On 19.11.2015 12:51, Niklas Andersson wrote:
>>>
>>> Well,
>>>
>>> I want to add support for sudo in ldap for example, and
>>> ignore_group_members, set some pam stuff. Paste the sssd.conf
>>> here below.
>>
>> When asked to configure sssd (the default) realmd uses sssd.conf as
>> the authoritative source of 'which domains am I joined to?'
>> information.
>>
>> I wonder if there's a present-but-disabled setting in sssd.conf
>> that could be useful in this case?
>>
>
> The domains= line in the [SSSD] section is the authoritative list of
> enabled domains. All other domain sections are ignored.

Niklas, does it work to include the new appropriately named section, but
leave the domain name out of the domains= line? Will realmd then update
the domains line, and further populate the [openforce.org] section?

Stef

>> Stef
>>
>>> [sssd]
>>> domains = openforce.org
>>> config_file_version = 2
>>> services = nss, pam, ssh, sudo
>>>
>>> [ssh]
>>>
>>> [sudo]
>>>
>>> [pam]
>>> offline_credentials_expiration = 60
>>> pam_pwd_expiration_warning = 14
>>>
>>> [nss]
>>>
>>> [domain/openforce.org]
>>> id_provider = ad
>>> sudo_provider = ldap
>>> ignore_group_members = true
>>> dyndns_update = false
>>> use_fully_qualified_names = False
>>> lookup_family_order = ipv4_only
>>> cache_credentials = True
>>> fallback_homedir = /home/%u
>>> create_homedir = True
>>> override_shell = /bin/bash
>>> #
>>> # Sudo
>>> #
>>> ldap_uri = ldap://srv11.openforce.org
>>> ldap_sudo_search_base = ou=SUDOers,dc=openforce,dc=org
>>> ldap_default_bind_dn = cn=admin,dc=openforce,dc=org
>>> ldap_default_authtok = secret
>>>
>>> Regards, Niklas
>>>
>>>> On 19/11/15 12:47, Stephen Gallagher wrote:
>>>>
>>>>> On Nov 19, 2015, at 6:35 AM, Niklas Andersson
>>>>> <niklas.andersson at openforce.se> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> I just ran into an oddity with realmd. It seems that if there
>>>>> already is a preconfigured /etc/sssd/sssd.conf present, realm
>>>>> will erroneously report that the client is already joined to
>>>>> a domain.
>>>>>
>>>>> The thing is that I want to tweak the sssd.conf for our
>>>>> domain before sssd is started, and it seems like I can't do
>>>>> that because:
>>>>>
>>>>> a) If I pre-configure /etc/sssd/sssd.conf, realm won't join.
>>>>>
>>>>> b) If I don't pre-configure, realm automatically generates a
>>>>> default /etc/sssd/sssd.conf and starts the service right
>>>>> after that.
>>>>>
>>>>> Is there some way I can fix this nicely?
>>>>>
>>>> Could you specify what tweaks in particular that you are trying
>>>> to apply?
>>
>> _______________________________________________ Authentication
>> mailing list Authentication at lists.freedesktop.org
>> http://lists.freedesktop.org/mailman/listinfo/authentication
>
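
The rule Stephen Gallagher states above (only domains named on the domains= line of the [sssd] section are enabled, other domain sections are ignored) can be checked against a file before attempting a join. This is an added example, not part of the original thread and not realmd or sssd code; the function name domain_status and the sample file contents are constructed for illustration.

```python
import configparser

# Constructed sample: the domain section is present, but its name is
# left out of the domains= line (the layout asked about in the thread).
SAMPLE = """\
[sssd]
domains =
config_file_version = 2
services = nss, pam, ssh, sudo

[domain/openforce.org]
id_provider = ad
sudo_provider = ldap
fallback_homedir = /home/%u
"""


def domain_status(conf_text):
    """Classify domains in sssd.conf text by the [sssd] domains= line."""
    # interpolation=None so values such as /home/%u are read literally.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    raw = cp.get("sssd", "domains", fallback="")
    enabled = [d.strip() for d in raw.split(",") if d.strip()]
    prefix = "domain/"
    defined = [s[len(prefix):] for s in cp.sections() if s.startswith(prefix)]
    return {
        # Named on domains= and backed by a [domain/NAME] section.
        "enabled": [d for d in enabled if d in defined],
        # Section exists but is not listed on domains=.
        "defined_not_enabled": [d for d in defined if d not in enabled],
        # Listed on domains= but no matching section in the file.
        "enabled_without_section": [d for d in enabled if d not in defined],
    }


if __name__ == "__main__":
    import sys
    # Pass a path (for example a staged copy of sssd.conf) or use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for state, names in domain_status(text).items():
        print(f"{state}: {', '.join(names) or '-'}")
```
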