Hi Sumit, … this is the last few lines from the sssd_nss.log (after
running # getent group – which does not work). Getent passwd now works ok.
Tue Jan 26 14:51:15 2016) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Tue Jan 26 14:51:15 2016) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client
version [1].
(Tue Jan 26 14:51:15 2016) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version
[1].
(Tue Jan 26 14:51:15 2016) [sssd[nss]] [nss_cmd_setgrent_send] (0x0100): Received
setgrent request
(Tue Jan 26 14:51:15 2016) [sssd[nss]] [nss_cmd_setgrent_step] (0x0400): Requesting info
for domain [vmlab]
(Tue Jan 26 14:51:15 2016) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request
for [0x41c240:2:*@vmlab]
(Tue Jan 26 14:51:15 2016) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating
request for [vmlab][4098][1][*]
(Tue Jan 26 14:51:15 2016) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering
request [0x41c240:2:*@vmlab]
(Tue Jan 26 14:51:15 2016) [sssd[nss]] [nss_cmd_setgrent_step] (0x0400): Requesting info
for domain [vmlab]
(Tue Jan 26 14:51:15 2016) [sssd[nss]] [nss_cmd_setgrent_step] (0x0100): Domain [vmlab]
has no groups, skipping.
(Tue Jan 26 14:51:15 2016) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting
request: [0x41c240:2:*@vmlab]
(Tue Jan 26 14:51:15 2016) [sssd[nss]] [nss_cmd_getgrent] (0x0100): Requesting info for
all groups
(Tue Jan 26 14:51:15 2016) [sssd[nss]] [nss_cmd_endgrent] (0x0100): Terminating request
info for all groups
(Tue Jan 26 14:51:15 2016) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
(Tue Jan 26 14:51:17 2016) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Tue Jan 26 14:51:17 2016) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client
version [1].
(Tue Jan 26 14:51:17 2016) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version
[1].
(Tue Jan 26 14:51:17 2016) [sssd[nss]] [nss_cmd_setgrent_send] (0x0100): Received
setgrent request
(Tue Jan 26 14:51:17 2016) [sssd[nss]] [nss_cmd_getgrent] (0x0100): Requesting info for
all groups
(Tue Jan 26 14:51:17 2016) [sssd[nss]] [nss_cmd_endgrent] (0x0100): Terminating request
info for all groups
(Tue Jan 26 14:51:17 2016) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
…I have a feeling my groups setup is not correct !
yes, as mentioned earlier groups need the objectclass posixGroup to have
a gidNumber attribute.
Please note that if you use the member attribute with the DNs of the
members you have to set 'ldap_schema=rfc2307bis' (see man sssd-ldap for
details).
HTH
bye,
Sumit
# Platform, Users, vmlab.ari.cdk.hosting
dn: cn=Platform,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
cn: Platform
objectClass: groupOfNames
member: cn=Bob Jones,cn=Steve xxxxxx,cn=Tom xxxxxxx,cn=Max xxxxxxx,ou=Users
,dc=vmlab,dc=ari,dc=cdk,dc=hosting
member: cn=Rod xxxxxt,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
member: cn=Steve xxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
member: cn=Tom xxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
# groups, vmlab.ari.cdk.hosting
dn: ou=groups,dc=vmlab,dc=ari,dc=cdk,dc=hosting
objectClass: organizationalUnit
ou: groups
description: generic groups branch
..or is it something else?
When I try and login via the client (SSSD VM) I get access denied.
Thanks again.
From: Murdoch, Steve
Sent: 26 January 2016 13:37
To: 'End-user discussions about the System Security Services Daemon'
Subject: RE: [SSSD-users] Re: SSSD Client Auth on LDAP Server -both Client & Server
CentOS6.7
Hi Sumit - The good news is - # getent passwd is now working - I can see all my LDAP
users:
.....
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
mxxxxxx:*:502:502:Max xxxxxx:/home/max:
txxxxxx:*:501:501:Tom xxxxxx:/home/tom:
sxxxxxx:*:505:100:Steve xxxxxx:/home/sxxxxxx:
Manager:*:503:503:Manager:/home/Manager:
mxxxxxx:*:504:100:Mike xxxxxx:/home/mxxxxxx:
bjones:*:506:100:Bob Jones:/home/bjones:
admin:*:507:100:admin:/home/admin:
[root@SSSD-VM-Test db]#
.. the bad news is # getent group is not working and therefore (I am assuming) I cannot
login on the client and get authorised via SSSD to the LDAP server.
I have added a group - this is what I added:
# groups, vmlab.ari.cdk.hosting
dn: ou=groups,dc=vmlab,dc=ari,dc=cdk,dc=hosting
objectClass: organizationalUnit
ou: groups
description: generic groups branch
..is this ok - or do I need to add more lines?
Many thanks for your help.
-----Original Message-----
From: Murdoch, Steve
Sent: 26 January 2016 10:58
To: sssd-users@lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org>
Subject: RE: [SSSD-users] Re: SSSD Client Auth on LDAP Server -both Client & Server
CentOS6.7
Hi Sumit,
The Primary group 100 exists on the LDAP Server and on the SSSD Client - but the users
only exist on the LDAP server (no users added to SSSD).
Sorry, I am not clear what you mean:
> you have to add the primary group with GID 100 on the LDAP server as
> well
Attached are the nss and domain logs on the SSSD Client as requested.
Thanks
-----Original Message-----
From: Sumit Bose [mailto:sbose@redhat.com]
Sent: 25 January 2016 17:24
To: sssd-users@lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org>
Subject: [SSSD-users] Re: SSSD Client Auth on LDAP Server -both Client & Server
CentOS6.7
On Mon, Jan 25, 2016 at 03:55:45PM +0000, Murdoch, Steven wrote:
> Hi Sumit,
>
> I think I have managed to add in the posixAccount to a user - when I ldapsearch from
the client - I get this info for this user:
>
>
> # mxxxxxx, Users, vmlab.ari.cdk.hosting
> dn: uid=mxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> cn: Mike xxxxxx
> sn: xxxxxx
> objectClass: inetOrgPerson
> objectClass: posixAccount
> userPassword:: cEBzc3cwcmQ=
> uid: mxxxxxx
> uidNumber: 504
> gidNumber: 100
> homeDirectory: /home/mxxxxxx
>
> ..I then tried getent passwd - but same as before I only get local users !
> Is there something else that needs a tweak to allow 'getent passwd' to show
the ldap users?
you have to add the primary group with GID 100 on the LDAP server as well. If this still
does not work please attach the nss and domain logs (see
https://fedorahosted.org/sssd/wiki/Troubleshooting for details).
bye,
Sumit
>
> Thanks a lot.
>
> -----Original Message-----
> From: Murdoch, Steve
> Sent: 25 January 2016 14:55
> To: 'End-user discussions about the System Security Services Daemon'
> Subject: RE: [SSSD-users] Re: SSSD Client Auth on LDAP Server -both
> Client & Server CentOS6.7
>
> Hi Sumit,
>
> Thanks for your help - I am trying to ldapmodify - added these lines to mike.ldif:
>
> dn: uid=mxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> changetype: modify
> replace: objectClass
> objectClass: posixAccount
> uidNumber: 504
> userPassword: p@ssw0rd
> cn: Mike
> sn: xxxxxxx
> gidNumber: 100
> homeDirectory: /home/mxxxxxx
>
> I used only the first 4 lines - but it complained that I need a uidNumber - so I
added in line 5, but then I get this:
> ldapmodify: wrong attributeType at line 5, entry
"uid=mxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting"
>
> ...what am I doing wrong?
>
> Thanks
>
> -----Original Message-----
> From: Sumit Bose [mailto:sbose@redhat.com]
> Sent: 25 January 2016 13:57
> To:
sssd-users@lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org>
> Subject: [SSSD-users] Re: SSSD Client Auth on LDAP Server -both Client
> & Server CentOS6.7
>
> On Mon, Jan 25, 2016 at 01:15:46PM -0000,
steven.murdoch@cdk.com<mailto:steven.murdoch@cdk.com> wrote:
> >
> > Hi - I am new to SSSD and LDAP, and my first posting - so please bare with me.
> > # getent passwd only displays the local users - will not display the
> > LDAP users and is driving me insane - ldapsearch seems to work I am
> > using SSSD with TLS to authenticate to LDAP Server The CA.crt files were self
signed certificates.
> > I used # cacertdir_rehash to create to create the sym-link to the
> > CA.crt on both Client and Server My LDAP Server hostname is
'ActDir-VM-Test'
> > My SSSD Client hostname is 'SSSD-VM-Test'
> >
> > Here are my files:
> >
> > Server - /etc/openldap/slapd.conf:
> >
> > allow bind_v2
> > allow bind_anon_dn
> > pidfile /var/run/openldap/slapd.pid
> > argsfile /var/run/openldap/slapd.args
> > TLSCACertificatePath /etc/openldap/cacerts TLSCACertificateFile
> > /etc/openldap/cacerts/CA.crt TLSCertificateFile
> > /etc/openldap/cacerts/server.crt TLSCertificateKeyFile
> > /etc/openldap/cacerts/server.key TLSCipherSuite HIGH:MEDIUM:+TLSv1
> > TLSVerifyClient never access to
> > dn.sub="dc=vmlab,dc=ari,dc=cdk,dc=hosting"
> > by anonymous read
> > by * read
> > access to dn.base=""
> > by anonymous none
> > by * read
> > database config
> > access to *
> > by
dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
> > by * none
> > database monitor
> > access to *
> > by
dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
> > by dn.exact="cn=Manager,dc=vmlab,dc=ari,dc=cdk,dc=hosting"
read
> > by * none
> > access to * by users read
> >
> > database bdb
> > suffix "dc=vmlab,dc=ari,dc=cdk,dc=hosting"
> > checkpoint 1024 15
> > rootdn "cn=Manager,dc=vmlab,dc=ari,dc=cdk,dc=hosting"
> > rootpw p@ssw0rd
> > loglevel 256
> > sizelimit unlimited
> > #
> >
> > Server - ldap.conf:
> >
> > TIMELIMIT 120
> > ssl start_tls
> >
> > URI ldap://ActDir-VM-Test:389/
> > BASE cn=Manager,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > TLS_REQCERT allow
> >
> > TLSCACertificatePath /etc/openldap/cacerts TLSCACertificateFile
> > /etc/openldap/cacerts/CA.crt #
> >
> > Server - /etc/sysconfig/ldap:
> >
> > SLAPD_LDAP=yes
> >
> > # Run slapd with -h "... ldapi:/// ..."
> > # yes/no, default: yes
> > SLAPD_LDAPI=no
> >
> > # Run slapd with -h "... ldaps:/// ..."
> > # yes/no, default: no
> > SLAPD_LDAPS=no
> > #
> >
> > Server - /etc/pam.d/password-auth-ac
> >
> > #%PAM-1.0
> > # This file is auto-generated.
> > # User changes will be destroyed the next time authconfig is run.
> > auth required pam_env.so
> > auth sufficient pam_unix.so nullok try_first_pass
> > auth requisite pam_succeed_if.so uid >= 500 quiet
> > auth sufficient pam_sss.so use_first_pass
> > auth required pam_deny.so
> >
> > account required pam_unix.so broken_shadow
> > account sufficient pam_localuser.so
> > account sufficient pam_succeed_if.so uid < 500 quiet
> > account [default=bad success=ok user_unknown=ignore] pam_sss.so
> > account required pam_permit.so
> >
> > password requisite pam_cracklib.so try_first_pass retry=3 type=
> > password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok
> > password sufficient pam_sss.so use_authtok
> > password required pam_deny.so
> >
> > session optional pam_keyinit.so revoke
> > session required pam_limits.so
> > session [success=1 default=ignore] pam_succeed_if.so service in crond quiet
use_uid
> > session required pam_unix.so
> > session optional pam_sss.so
> > #
> >
> > Server: - /etc/pam.d/system-auth-ac
> >
> > #%PAM-1.0
> > # This file is auto-generated.
> > # User changes will be destroyed the next time authconfig is run.
> > auth required pam_env.so
> > auth sufficient pam_unix.so nullok try_first_pass
> > auth requisite pam_succeed_if.so uid >= 500 quiet
> > auth sufficient pam_sss.so use_first_pass
> > auth required pam_deny.so
> >
> > account required pam_unix.so broken_shadow
> > account sufficient pam_localuser.so
> > account sufficient pam_succeed_if.so uid < 500 quiet
> > account [default=bad success=ok user_unknown=ignore] pam_sss.so
> > account required pam_permit.so
> >
> > password requisite pam_cracklib.so try_first_pass retry=3 type=
> > password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok
> > password sufficient pam_sss.so use_authtok
> > password required pam_deny.so
> >
> > session optional pam_keyinit.so revoke
> > session required pam_limits.so
> > session [success=1 default=ignore] pam_succeed_if.so service in crond quiet
use_uid
> > session required pam_unix.so
> > session optional pam_sss.so
> > #
> >
> > Server - /etc/nsswitch.conf
> >
> > passwd: files sss
> > shadow: files sss
> > group: files sss
> > #
> >
> >
> >
> > Client - /etc/sssd/sssd.conf:
> >
> > [sssd]
> > services = nss, pam
> > config_file_version = 2
> > domains = vmlab
> >
> > authconfig --enablesssd --enablesssdauth --enablelocauthorize
> > --enableldap --enableldaptls --enableldapauth
> > --ldapserver=ldap://ActDir-VM-Test.vmlab.ari.cdk.hosting:389
> > --ldapbasedn=dc=vmlab,dc=ari,dc=cdk,dc=hosting --disablekrb5
> > --disablenis --enablerfc2307bis --enablemkhomedir --enablecachecreds
> > --update
> >
> > [domain/vmlab]
> >
> > id_provider = ldap
> > auth_provider = ldap
> >
> > # Timming
> > entry_cache_timeout = 600
> > ldap_network_timeout = 3
> >
> > ldap_uri = ldap://ActDir-VM-Test.vmlab.ari.cdk.hosting:389
> > ldap_user_search_base =
> > dc=ActDir-VM-Test,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > ldap_tls_reqcert = demand
> > cache_credentials = True
> >
> > ldap_tls_cacertdir = /etc/openldap/cacerts ldap_access_filter =
> > memberOf=CN=Manager,OU=Users,DC=ActDir-VM-Test,DC=vmlab,DC=ari,DC=cd
> > k, DC=hosting ldap_tls_cacert = /etc/openldap/cacerts/CA.crt
> > ldap_tls_reqcert = demand ldap_default_bind_dn =
> > cn=Manager,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > ldap_default_authtok_type = password ldap_default_authtok = p@ssw0rd
> > enumerate = true
> >
> >
> > [nss]
> > filter_users = root, sshd, named, avahi, haldaemon, dbus, radiusd,
> > news, nscd filter_groups = root, sshd, named, avahi, haldaemon,
> > dbus, radiusd, news, nscd reconnection_retries = 3
> > entry_cache_timeout = 300 entry_cache_nowait_percentage = 75
> > debug_level = 6
> >
> > [pam]
> > reconnection_retries = 3
> > #
> > The enumerate = True will only be enabled during testing - if I ever get it
working - then it will be removed.
> >
> >
> > Client - /etc/openldap/ldap.conf:
> >
> > idle_timelimit 3600
> > TIMELIMIT 120
> > bind_timelimit 120
> >
> > SASL_NOCANON on
> > TLSCACertificatePath /etc/openldap/cacerts TLSCACertificateFile
> > /etc/openldap/cacerts/CA.crt
> >
> > #TLS_CACERTDIR /etc/openldap/cacerts #TLS_CACERT
> > /etc/openldap/cacerts/CA.crt #TLS_CACERT
> > /etc/openldap/cacerts/19913717.0
> >
> > ssl start_tls
> > TLS_REQCERT allow
> > HOST ActDir-VM-Test.vmlab.ari.cdk.hosting
> > BASE dc=ActDir-VM-Test,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > URI ldap://ActDir-VM-Test.vmlab.ari.cdk.hosting:389
> > TLS_CACERTDIR /etc/openldap/cacerts
> > ldap_default_bind_dn cn=Manager,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > ldap_default_authtok p@ssw0rd
> > BINDDN
> > uid=Manager,ou=Users,dc=ActDir-VM-Test,dc=vmlab,dc=ari,dc=cdk,dc=hos
> > ti
> > ng
> > #
> >
> > Client - the PAM files password-auth-ac and the system-auth-ac files are the
same as the Server:
> >
> > Client - nsswitch.conf:
> >
> > passwd: files sss
> > shadow: files sss
> > group: files sss
> >
> > uid Manager
> > gid ldap
> > #base CN=vmlab,OU=Users,DC=vmlab,DC=ari,DC=cdk,DC=hosting
> > base DC=vmlab,DC=ari,DC=cdk,DC=hosting uri
> > ldap://ActDir-VM-Test.vmlab.ari.cdk.hosting
> > #
> >
> > Client - ldapsearch:
> >
> > # ldapsearch -x -ZZ -H ldap://ActDir-VM-Test.vmlab.ari.cdk.hosting
> > -b dc=vmlab,dc=ari,dc=cdk,dc=hosting objectclass=* # extended LDIF #
> > #
> > LDAPv3 # base <dc=vmlab,dc=ari,dc=cdk,dc=hosting> with scope subtree
> > #
> > filter: objectclass=* # requesting: ALL #
> >
> > # vmlab.ari.cdk.hosting
> > dn: dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > objectClass: dcObject
> > objectClass: organization
> > dc: vmlab
> > o: vmlab
> >
> > # Users, vmlab.ari.cdk.hosting
> > dn: ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > objectClass: organizationalUnit
> > ou: Users
> >
> > # Steve xxxxxxxxx, Users, vmlab.ari.cdk.hosting
> > dn: cn=Steve Murdoch,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > cn: Steve xxxxxxxx
> > sn: xxxxxxxx
> > objectClass: inetOrgPerson
>
> The inetOrgPerson objectclass is not sufficient you need to add the posixAccount
objectclass to user objects and the posixGroup objects to group objects. These
objectclasses are needed to e.g. provided the POSIX UIDs and GIDs.
>
> HTH
>
> bye,
> Sumit
> >
> > userPassword:: cEBzc3cwcmQ=
> > uid: sxxxxxxxx
> >
> > # Bob Jones, Users, vmlab.ari.cdk.hosting
> > dn: cn=Bob Jones,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > cn: Bob Jones
> > sn: Jones
> > objectClass: inetOrgPerson
> > userPassword:: cEBzc3cwcmQ=
> > uid: bjones
> >
> > # Tom xxxxxxxx, Users, vmlab.ari.cdk.hosting
> > dn: cn=Tom xxxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > cn: Tom xxxxxxxx
> > sn: xxxxxxxx
> > objectClass: inetOrgPerson
> > userPassword:: cEBzc3cwcmQ=
> > uid: txxxxxxxx
> >
> > # Max xxxxxxxx, Users, vmlab.ari.cdk.hosting
> > dn: cn=Max xxxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > cn: Max xxxxxxxx
> > sn: xxxxxxxx
> > objectClass: inetOrgPerson
> > userPassword:: cEBzc3cwcmQ=
> > uid: mxxxxxxxx
> >
> > # Platform, Users, vmlab.ari.cdk.hosting
> > dn: cn=Platform,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > cn: Platform
> > objectClass: groupOfNames
> > member: cn=Bob Jones,cn=Steve xxxxxxxx,cn=Tom xxxxxxxx,cn=Max
> > xxxxxxxx,ou=Users ,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > member: cn=Rod Stewart,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > member: cn=Steve xxxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > member: cn=Tom xxxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> >
> > # mpitman, Users, vmlab.ari.cdk.hosting
> > dn: uid=mxxxxxxxx,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > cn: Mike xxxxxxxx
> > sn: xxxxxxxx
> > objectClass: inetOrgPerson
> > userPassword:: cEBzc3cwcmQ=
> > uid: mxxxxxx
> >
> > # root, Users, vmlab.ari.cdk.hosting
> > dn: uid=root,ou=Users,dc=vmlab,dc=ari,dc=cdk,dc=hosting
> > cn: root
> > sn: root
> > objectClass: inetOrgPerson
> > userPassword:: cEBzc3cwcmQ=
> > uid: root
> >
> > # search result
> > search: 3
> > result: 0 Success
> >
> > # numResponses: 10
> > #
> >
> >
> >
> > Any help much appreciated - thanks a lot.
> >
> >
> >
> >
> > _______________________________________________
> > sssd-users mailing list
> >
sssd-users@lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org>
> >
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedoraho
> > st
> >
ed.org
> _______________________________________________
> sssd-users mailing list
> sssd-users@lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org>
>
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahost
>
ed.org
>
> ----------------------------------------------------------------------
> This message and any attachments are intended only for the use of the addressee and
may contain information that is privileged and confidential. If the reader of the message
is not the intended recipient or an authorized representative of the intended recipient,
you are hereby notified that any dissemination of this communication is strictly
prohibited. If you have received this communication in error, notify the sender
immediately by return email and delete the message and any attachments from your system.
> _______________________________________________
> sssd-users mailing list
> sssd-users@lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org>
>
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahost
>
ed.org
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org>
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org