SSSD: Difference between revisions
Jump to navigation
Jump to search
| Line 6: | Line 6: | ||
<pre> | <pre> | ||
$ sudo realm list | $ sudo realm list | ||
myad.example.com | |||
type: kerberos | type: kerberos | ||
realm-name: | realm-name: MYAD.EXAMPLE.COM | ||
domain-name: | domain-name: myad.example.com | ||
configured: kerberos-member | configured: kerberos-member | ||
server-software: active-directory | server-software: active-directory | ||
| Line 19: | Line 19: | ||
required-package: adcli | required-package: adcli | ||
required-package: samba-common-bin | required-package: samba-common-bin | ||
login-formats: %U@ | login-formats: %U@myad.example.com | ||
login-policy: allow-realm-logins | login-policy: allow-realm-logins | ||
</pre> | </pre> | ||
Revision as of 18:41, 30 November 2024
Realm Details
sudo realm list
Example:
$ sudo realm list myad.example.com type: kerberos realm-name: MYAD.EXAMPLE.COM domain-name: myad.example.com configured: kerberos-member server-software: active-directory client-software: sssd required-package: sssd-tools required-package: sssd required-package: libnss-sss required-package: libpam-sss required-package: adcli required-package: samba-common-bin login-formats: %U@myad.example.com login-policy: allow-realm-logins
Restart Service
sudo systemctl restart sssd
sudo systemctl stop sssd ; sleep 3 ; sudo systemctl start sssd
sudo systemctl status sssd
Clear Cache
sss_cache - sss_cache invalidates records in SSSD cache. Invalidated records are forced to be reloaded from server as soon as related SSSD backend is online. Options that invalidate a single object only accept a single provided argument.
Clear cache:
# -E means everything sss_cache -E
Issues
Dynamic DNS update failed
Logs report:
[ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed [1432158240]: Dynamic DNS update failed
Cause:
- You do not have AD permission to do Dynamic DNS updates
Solution:
- Disable AD Dynamic DNS updates (or get permissions)
/etc/sssd/sssd.conf
[domain/DOMAIN_SECTION] # dyndns_update = True dyndns_update = False