• Wa chevron_right

      SSSD and SUDOers

      pubsub.slavino.sk / warlord0blog · Thursday, 9 March, 2023 - 17:59 edit

    All our remote users are using LDAP cached credentials using SSSD. This works really well for users that transition online to offline, with one failing. When they attempt to use sudo to elevate permissions to carry out a privileged operation. For the longest time I could not get this working. I searched LDAP and compared &ellipsisRead the full post »

    Značky: #authentication, #ldap, #sssd, #Linux

    • Sl chevron_right

      How to fix failed dynamic DNS update with Samba Active Directory and System Security Services Daemon

      pubsub.slavino.sk / sleeplessbestie · Friday, 6 May, 2022 - 11:00 edit

    Fix failed dynamic DNS update with Samba Active Directory and System Security Services Daemon by upgrading internal Samba DNS to BIND. Issue DNS records are updated correctly, but dynamic DNS update process is marked as failed. $ dig s1.example.org +short 172.16.0.117 Sample sssd debug log indicating that there is a problem with dynamic DNS update. […]

    Značky: #sssd, #Samba, #Debian, #Linux, #SysOps, #Bullseye

    • Sl chevron_right

      How to check System Security Services Daemon configuration

      pubsub.slavino.sk / sleeplessbestie · Wednesday, 27 April, 2022 - 11:00 edit

    Check System Security Services Daemon configuration. Use sssctl utility from sssd-tools package to inspect sssd configuration. $ sudo sssctl config-check Issues identified by validators: 0 Messages generated during configuration merging: 0 Used configuration snippet files: 0 Exit code will indicate success. $ echo $? 0 Sample issue with option in wrong section. [sssd] domains = […]

    Značky: #Linux, #sssd, #SysOps

    • Sl chevron_right

      How to configure System Security Services Daemon disable SUDO Smart Refresh task

      pubsub.slavino.sk / sleeplessbestie · Monday, 25 April, 2022 - 11:00 edit

    Configure System Security Services Daemon to disable SUDO Smart Refresh task. SUDO Smart Refresh task is executed periodically even if it is not used or configured. [...] (2021-09-22 22:10:24): [be[example.org]] [be_ptask_execute] (0x0400): Task [SUDO Smart Refresh]: executing task, timeout 900 seconds (2021-09-22 22:10:24): [be[example.org]] [sdap_sudo_smart_refresh_send] (0x0400): Issuing a smart refresh of sudo rules (USN >= […]

    Značky: #Linux, #sssd, #SysOps

    • Sl chevron_right

      How to configure System Security Services Daemon to update Active Directory DNS using custom interval

      pubsub.slavino.sk / sleeplessbestie · Monday, 18 April, 2022 - 11:00 edit

    Configure System Security Services Daemon (sssd) to update Active Directory DNS using the custom interval. By default, the client IP address in the Active Directory DNS is updated every 24 hours using the IP addresses of the interface associated with the connection to the Active Directory LDAP. Sample debug log. (2021-09-22 17:46:51): [be[example.org]] [be_ptask_execute] (0x0400): […]

    Značky: #sssd, #SysOps, #Linux