SSSD

From Omnia

Realm Details

sudo realm list

Example:

$ sudo realm list
myad.example.com
  type: kerberos
  realm-name: MYAD.EXAMPLE.COM
  domain-name: myad.example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin
  login-formats: %U@myad.example.com
  login-policy: allow-realm-logins

Restart Service

sudo systemctl restart sssd
sudo systemctl stop sssd ; sleep 3 ; sudo systemctl start sssd
sudo systemctl status sssd

Check User

getent -s sss passwd [USERID]
getent -s sss passwd 12345@myad.example.com
12345:*:1455846733:1356800513:My User:/home/12345:/bin/bash

Clear Cache

sss_cache invalidates records in the SSSD cache. Invalidated records are forced to be reloaded from the server as soon as the related SSSD backend is online. Options that invalidate a single object accept only a single argument.

Clear cache:

# -E means everything
sss_cache -E

Issues

Dynamic DNS update failed

Logs report:

[ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed [1432158240]: Dynamic DNS update failed

Cause:

  • You do not have AD permission to do Dynamic DNS updates

Solution:

  • Disable AD Dynamic DNS updates (or get permissions)

/etc/sssd/sssd.conf

[domain/DOMAIN_SECTION]
# dyndns_update = True
dyndns_update = False
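
Added example (not part of the original page): a small shell check that counts the Dynamic DNS failure line shown above in a log file and reports the active dyndns_update value for each [domain/...] section, ignoring commented-out lines. The function names, file names and sample log/config content are constructed for illustration; point the functions at your own SSSD log and /etc/sssd/sssd.conf.

```shell
#!/bin/sh
# Added example, not part of the original page. Sample data below is constructed.

# Count the dyndns failure events (the log line quoted on this page) in a log file.
dyndns_failures() {
    grep -c 'ad_dyndns_sdap_update_done.*Dynamic DNS update failed' "$1" || true
}

# Print "<domain>=<value>" for every [domain/...] section of an sssd.conf.
# Commented-out lines are skipped; "unset" means the provider default applies.
dyndns_settings() {
    awk '
        function emit() { if (sec != "") print sec "=" val }
        /^[ \t]*\[/ {
            emit(); sec = ""
            if ($0 ~ /^[ \t]*\[domain\//) {
                sec = $0; sub(/^[ \t]*\[domain\//, "", sec); sub(/\].*$/, "", sec)
                val = "unset"
            }
            next
        }
        /^[ \t]*[#;]/ { next }
        sec != "" && /^[ \t]*dyndns_update[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            val = tolower(val)
        }
        END { emit() }
    ' "$1"
}

# Write a constructed log and config into directory $1.
write_sample() {
    printf '%s\n' \
        '[ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed [1432158240]: Dynamic DNS update failed' \
        '[constructed_unrelated_line] (0x0400): nothing to see' > "$1/sssd.log"
    printf '%s\n' '[sssd]' 'domains = myad.example.com, lab.example.com' '' \
        '[domain/myad.example.com]' '# dyndns_update = True' 'dyndns_update = False' '' \
        '[domain/lab.example.com]' 'id_provider = ad' > "$1/sssd.conf"
}

tmp=$(mktemp -d)
write_sample "$tmp"
echo "failures: $(dyndns_failures "$tmp/sssd.log")"
dyndns_settings "$tmp/sssd.conf"
rm -rf "$tmp"
```

A domain reported as "unset" has no explicit dyndns_update line, so it is worth setting the value explicitly there if the failure keeps appearing in that domain's log.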