Dear all,
I have a problem with sssd in conjunction with ldap on a centos 7 x86_64
box.
ldap works fine. I can login there as a usual user registered in ldap.
I now want to restrict the access with ldap's host attribute. This is
being ignored. Still every ldap user can login, no matter what the hos
02/24/2015 01:06 AM, Gordon Messmer wrote:
> On 02/23/2015 03:59 AM, Ulrich Hiller wrote:
>>
>> /etc/sssd/sssd.conf:
>> [domain/default]
>> access_provider = ldap
>> ldap_access_filter = memberOf=ou=,o=
>> ldap_access_order = host
>
> Because ldap
Dear list members,
I have installed a CentOS 7 x86_64 system. I want to let users
authenticate over our ldap server. This seems to be working.
ldap-username and ldap-passwords are accepted for the users configured
in the ldap server. No problem.
Now I want to restrict the access to users who have
Hi,
'pam_check_host_attr yes' is in /etc/openldap/ldap.conf. /etc/ldap.conf
is a softlink to that file.
But still the host attribute is ignored.
With kind regards, ulrich
On 05/05/2015 12:32 PM, Ashish Yadav wrote:
> Hi,
>
> On Tue, May 5, 2015 at 3:32 PM, Ulrich Hiller
ry good. So I do not think there is a problem on the
ldap server.
With kind regards, ulrich
On 05/05/2015 03:43 PM, Kai Grunau wrote:
> hi,
>
> On 05/05/2015 12:02 PM, Ulrich Hiller wrote:
>> access_provider = ldap
>> ldap_access_filter = memberOf=ou=,o=
>
Hello,
running unhide ( unhide-20130526-1.el7.x86_64 ) on CentOS 7 I sometimes
get messages like:
Found HIDDEN PID: 30784
Cmdline: ""
Executable: ""
" ... maybe a transitory process"
On a second unhide run immediately after it, the process seems to have
vanished. Also, i
I already have seen this page, but it does not help me.
But anyway, thanks a lot for your help.
With kind regards, ulrich
On 05/05/2015 05:47 PM, m.r...@5-cent.us wrote:
> Ulrich Hiller wrote:
>> unfortunately I got a syntax error with this method "ldap_access_filter
>> = h
On 05/05/2015 06:47 PM, Gordon Messmer wrote:
> On 05/05/2015 03:02 AM, Ulrich Hiller wrote:
>> /etc/openldap/ldap.conf contains the line:
>> --
>> pam_check_host_attr yes
>
> /etc/openldap/ldap.conf is the configuratio
Hi,
Added, but no success.
My sssd.conf now looks like this:
[sssd]
config_file_version = 2
services = nss,pam
domains = default
# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/] sections, and
# then add the list of domains (in the order you want them
gnored.
Is there another config file I have to edit?
With kind regards, ulrich
On 05/05/2015 11:43 PM, Gordon Messmer wrote:
> On 05/05/2015 11:14 AM, Ulrich Hiller wrote:
>> On 05/05/2015 06:47 PM, Gordon Messmer wrote:
>>> This is wrong. Don't use sss and ldap toge
orry for the stupid newbie's questions, ulrich
On 05/06/2015 07:02 PM, Gordon Messmer wrote:
> On 05/06/2015 07:24 AM, Ulrich Hiller wrote:
>>
>> Now I have removed the 'ldap' from the /etc/nsswitch.conf. Now it looks
>> like this:
>
> Looks good.
>
>> But instead I get
>> centos: sshd[7929]: pam_unix(sshd:session): session opened for user
>>
>
> "pam_unix" should be an indication that appears in the local
> unix password files. Make sure that it doesn't.
Nope. None of the usernames I tried is in /etc/passwd or /etc/shadow
>
> What do
Hmmm, I have now made a completely new install but the problem
persists: ldap authentication works, but the host attribute is ignored.
I have installed CentOS7 64bit with KDE.
I did not do any 'yum update' or install of extra packages so far.
These pam and ldap packages are installed:
openldap-
One more thing: firewalld service and selinux are deactivated.
On 05/11/2015 07:06 PM, Ulrich Hiller wrote:
> Hmmm, I have now made a completely new install but the problem
> persists: ldap authentication works, but the host attribute is ignored.
>
> I have installed CentOS7 64
am still not understanding why you're using MD5? Is it because everyone in
> InfoSec declared that everyone finally went from md5 to sha512 or what?
>
>
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf
> Of Ulrich Hil
>
> Hate to say that we're running out of options. I had a CentOS 7 system
> similar to yours, with LDAP authentication. I added three lines to
> sssd.conf (for access provider, etc), restarted sssd, and users with no
> "host" attribute were denied. I didn't actually test users with a host
>
>
> After that you'll probably have to turn up logging in sssd and check its
> logs to see what it's doing.
I have set logging in sssd to 9:
cache_credentials = true
debug_level = 9
I first tried a user with the correct host attribute, then a user
without the host attribute. The output in the l
ldap_user_authorized_host = host
I read something about "pam_check_host_attr" in /etc/ldap.conf. But this
does not help in my /etc/openldap/ldap.conf (already tested).
Any idea is still welcome.
With kind regards, ulrich
On 05/12/2015 07:45 PM, Gordon Messmer wrote:
> On 05/12/2015
, ulrich
On 05/12/2015 09:23 PM, m.r...@5-cent.us wrote:
> Ulrich Hiller wrote:
>> that's interesting. "performing access check" is really missing.
>>
>> also the "sdap_access" lines are not there. Therefore I do have:
>>
>> (Tue May 12 13:1
On 05/12/2015 11:04 PM, m.r...@5-cent.us wrote:
> Ulrich Hiller wrote:
>> I thought this too.
>> I think this:
>>
>> access_provider = ldap
>> ldap_access_filter = memberOf=host=does-not-exist-host
>> ldap_access_order = filter
>> ldap_user_authorize
gards, ulrich
On 05/13/2015 06:36 PM, Gordon Messmer wrote:
> On 05/12/2015 11:47 AM, Ulrich Hiller wrote:
>> that's interesting. "performing access check" is really missing.
>
> OK Your system is configured to not check users with uidNumber <
> 2000. Your