I work in an enterprise environment which has both Linux and Windows systems and an Active Directory for identity.
For good reasons we need to move from Linux based file servers to a NAS. The problem is that all our Linux systems use the SSD ID mapping algorithm to calculate UID and GIDs (and it works great!). We've not found a commercial NAS vendor who supports this algorithm so we can't just drop their products in place.
Do you know of any who do please?
Surely there must be some as many NASs run on Linux and BSD and use open source software heavily.
My colleague asked this in a GitHub issue  but I thought that it might be best to ask here.
Thanks in advance!
Short: Is there a way to check how long the cached credentials of a
specific user are still valid?
When I'm offline and I log in with cached credentials, it says something
like "Authenticated with cached credentials, your cached password will
expire at: XYZ".
# sssctl user-show <wid>
doesn't show this information...
I've checked with the cache file in /var/lib/sss/db/cache_<domain>.ldb.
The relevant field is probably the "lastOnlineAuth" field, or the
"lastLogin" field. Is there a way to instruct SSSD to reveal those
fields to a user process without doing a full authentication?
Thanks & Regards
I'm trying to authenticate users based on group membership in our Google
I can authenticate just fine without the 'ldap_access_filter' but when I
enable it they still authenticate even when the user is not a group member.
Additionally I don't see any check of the group membership in the logs, so
I must be doing something wrong. Please help me.
*[sssd]services = nss, pamdomains = domain.dk
<http://domain.dk>[domain/domain.dk <http://domain.dk>]# Base
settingsdebug_level = 8id_provider = ldapauth_provider =
ldapaccess_provider = ldapldap_access_order = filterldap_id_use_start_tls =
trueldap_uri = ldaps://ldap.google.com
/etc/sssd/google-ldap-client.key# Disable TLS 1.3 of google LDAP don't
workldap_tls_cipher_suite = NORMAL:!VERS-TLS1.3# Access
controlldap_access_filter = (memberOf=CN=vpn,ou=Groups,dc=domain,dc=com)#
Google recommended settingsldap_schema = rfc2307bisldap_user_uuid =
I have been looking for any lines in the logs referencing my vpn group but
there is none. I have even tried switching to 'auth_provider = simple' but
there is no reference of the group check
----CEGO A/S will as part of your communication and interaction with us
collect and process personal data about you. You can read more about our
collection and processing of your personal data and your rights as a data
subject at https://cego.dk/gdpr <https://cego.dk/gdpr>/