1:41 a.m.
Hello
Im searching for a solution to use shortnames for users from both
FreeIPA(4.5) realm and a from a Trusted AD realm, I'm using Centos6.9
which has sssd 1.13.
I’m doing it for the centos7’s using domain resolution order in the IPA server.
Anyone has any suggestion on how to accomplish this on centos6?
BR
Hampus
2:11 a.m.
On Thu, Oct 19, 2017 at 08:41:42AM +0200, Hampus Lundqvist wrote:
Hello
Im searching for a solution to use shortnames for users from both
FreeIPA(4.5) realm and a from a Trusted AD realm, I'm using Centos6.9
which has sssd 1.13.
I’m doing it for the centos7’s using domain resolution order in the IPA server.
Anyone has any suggestion on how to accomplish this on centos6?
It's not possible on Centos-6, sorry. You can either have shortnames for
the IPA domain (the default) or use the default_domain_suffix to reverse
the situation and qualify the IPA users.
2:28 a.m.
Hi.
Ok, thanks for the answer.
I just tested installing the sssd-1.15.3-1.1.el6.x86_64 from the repository on copr.
It started and seems to work, until I do a service sssd stop. It hangs and will not stop
using the normal signals, any experience in how to to get that one working (is it possible
at all?)
//H
-----Original Message-----
From: Jakub Hrozek [mailto:jhrozek@redhat.com]
Sent: den 19 oktober 2017 09:12
To: sssd-users(a)lists.fedorahosted.org
Subject: [SSSD-users] Re: shortnames for 2 realms in Centos6
On Thu, Oct 19, 2017 at 08:41:42AM +0200, Hampus Lundqvist wrote:
Hello
Im searching for a solution to use shortnames for users from both
FreeIPA(4.5) realm and a from a Trusted AD realm, I'm using Centos6.9
which has sssd 1.13.
I’m doing it for the centos7’s using domain resolution order in the IPA server.
Anyone has any suggestion on how to accomplish this on centos6?
It's not possible on Centos-6, sorry. You can either have shortnames for
the IPA domain (the default) or use the default_domain_suffix to reverse
the situation and qualify the IPA users.
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
2:43 a.m.
On Thu, Oct 19, 2017 at 07:28:53AM +0000, Hampus Lundqvist wrote:
Hi.
Ok, thanks for the answer.
I just tested installing the sssd-1.15.3-1.1.el6.x86_64 from the repository on copr.
It started and seems to work, until I do a service sssd stop. It hangs and will not stop
using the normal signals, any experience in how to to get that one working (is it possible
at all?)
This is new to me, do the logs show anything?
2:50 a.m.
Strace showed this on sssd when trying to stop:
kill(4294949261, SIGTERM) = -1 ESRCH (No such process)
wait4(18035, 0x7ffe42ce03ac, WNOHANG, NULL) = 0
And I found this:
type=SYSCALL msg=audit(1508398680.127:110): arch=c000003e syscall=109 success=yes exit=0
a0=4715 a1=4715 a2=4715 a3=7fff08db5420 items=0 ppid=18196 pid=18197 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2 comm="sssd"
exe="/usr/sbin/sssd" subj=unconfined_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(1508398680.127:110): avc: denied { setpgid } for pid=18197
comm="sssd" scontext=unconfined_u:system_r:sssd_t:s0
tcontext=unconfined_u:system_r:sssd_t:s0 tclass=process
ausearch -c 'sssd' --raw | audit2allow -M my-sssd
require {
type sssd_t;
class process setpgid;
}
#============= sssd_t ==============
allow sssd_t self:process setpgid;
So I did:
semodule -i my-sssd.pp and now it seems to work fine.
BR
Hampus
-----Original Message-----
From: Jakub Hrozek [mailto:jhrozek@redhat.com]
Sent: den 19 oktober 2017 09:43
To: sssd-users(a)lists.fedorahosted.org
Subject: [SSSD-users] Re: shortnames for 2 realms in Centos6
On Thu, Oct 19, 2017 at 07:28:53AM +0000, Hampus Lundqvist wrote:
Hi.
Ok, thanks for the answer.
I just tested installing the sssd-1.15.3-1.1.el6.x86_64 from the repository on copr.
It started and seems to work, until I do a service sssd stop. It hangs and will not stop
using the normal signals, any experience in how to to get that one working (is it possible
at all?)
This is new to me, do the logs show anything?
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
2:35 p.m.
On (19/10/17 07:50), Hampus Lundqvist wrote:
Strace showed this on sssd when trying to stop:
kill(4294949261, SIGTERM) = -1 ESRCH (No such process)
wait4(18035, 0x7ffe42ce03ac, WNOHANG, NULL) = 0
And I found this:
type=SYSCALL msg=audit(1508398680.127:110): arch=c000003e syscall=109 success=yes exit=0
a0=4715 a1=4715 a2=4715 a3=7fff08db5420 items=0 ppid=18196 pid=18197 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2 comm="sssd"
exe="/usr/sbin/sssd" subj=unconfined_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(1508398680.127:110): avc: denied { setpgid } for pid=18197
comm="sssd" scontext=unconfined_u:system_r:sssd_t:s0
tcontext=unconfined_u:system_r:sssd_t:s0 tclass=process
And info/warning is displayed on copr front page
https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-15/
LS
2376
days inactive
2378
days old
sssd-users@lists.fedorahosted.org
5 comments
4 participants
participants (4)
-
Hampus Lundqvist -
Hampus Lundqvist -
Jakub Hrozek -
Lukas Slebodnik