Hello
Im searching for a solution to use shortnames for users from both FreeIPA(4.5) realm and a from a Trusted AD realm, I'm using Centos6.9 which has sssd 1.13.
I’m doing it for the centos7’s using domain resolution order in the IPA server.
Anyone has any suggestion on how to accomplish this on centos6?
BR Hampus
On Thu, Oct 19, 2017 at 08:41:42AM +0200, Hampus Lundqvist wrote:
Hello
Im searching for a solution to use shortnames for users from both FreeIPA(4.5) realm and a from a Trusted AD realm, I'm using Centos6.9 which has sssd 1.13.
I’m doing it for the centos7’s using domain resolution order in the IPA server.
Anyone has any suggestion on how to accomplish this on centos6?
It's not possible on Centos-6, sorry. You can either have shortnames for the IPA domain (the default) or use the default_domain_suffix to reverse the situation and qualify the IPA users.
Hi. Ok, thanks for the answer. I just tested installing the sssd-1.15.3-1.1.el6.x86_64 from the repository on copr. It started and seems to work, until I do a service sssd stop. It hangs and will not stop using the normal signals, any experience in how to to get that one working (is it possible at all?)
//H -----Original Message----- From: Jakub Hrozek [mailto:jhrozek@redhat.com] Sent: den 19 oktober 2017 09:12 To: sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: shortnames for 2 realms in Centos6
On Thu, Oct 19, 2017 at 08:41:42AM +0200, Hampus Lundqvist wrote:
Hello
Im searching for a solution to use shortnames for users from both FreeIPA(4.5) realm and a from a Trusted AD realm, I'm using Centos6.9 which has sssd 1.13.
I’m doing it for the centos7’s using domain resolution order in the IPA server.
Anyone has any suggestion on how to accomplish this on centos6?
It's not possible on Centos-6, sorry. You can either have shortnames for the IPA domain (the default) or use the default_domain_suffix to reverse the situation and qualify the IPA users. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
On Thu, Oct 19, 2017 at 07:28:53AM +0000, Hampus Lundqvist wrote:
Hi. Ok, thanks for the answer. I just tested installing the sssd-1.15.3-1.1.el6.x86_64 from the repository on copr. It started and seems to work, until I do a service sssd stop. It hangs and will not stop using the normal signals, any experience in how to to get that one working (is it possible at all?)
This is new to me, do the logs show anything?
Strace showed this on sssd when trying to stop: kill(4294949261, SIGTERM) = -1 ESRCH (No such process) wait4(18035, 0x7ffe42ce03ac, WNOHANG, NULL) = 0
And I found this: type=SYSCALL msg=audit(1508398680.127:110): arch=c000003e syscall=109 success=yes exit=0 a0=4715 a1=4715 a2=4715 a3=7fff08db5420 items=0 ppid=18196 pid=18197 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2 comm="sssd" exe="/usr/sbin/sssd" subj=unconfined_u:system_r:sssd_t:s0 key=(null) type=AVC msg=audit(1508398680.127:110): avc: denied { setpgid } for pid=18197 comm="sssd" scontext=unconfined_u:system_r:sssd_t:s0 tcontext=unconfined_u:system_r:sssd_t:s0 tclass=process
ausearch -c 'sssd' --raw | audit2allow -M my-sssd require { type sssd_t; class process setpgid; }
#============= sssd_t ============== allow sssd_t self:process setpgid;
So I did: semodule -i my-sssd.pp and now it seems to work fine.
BR Hampus
-----Original Message----- From: Jakub Hrozek [mailto:jhrozek@redhat.com] Sent: den 19 oktober 2017 09:43 To: sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: shortnames for 2 realms in Centos6
On Thu, Oct 19, 2017 at 07:28:53AM +0000, Hampus Lundqvist wrote:
Hi. Ok, thanks for the answer. I just tested installing the sssd-1.15.3-1.1.el6.x86_64 from the repository on copr. It started and seems to work, until I do a service sssd stop. It hangs and will not stop using the normal signals, any experience in how to to get that one working (is it possible at all?)
This is new to me, do the logs show anything? _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
On (19/10/17 07:50), Hampus Lundqvist wrote:
Strace showed this on sssd when trying to stop: kill(4294949261, SIGTERM) = -1 ESRCH (No such process) wait4(18035, 0x7ffe42ce03ac, WNOHANG, NULL) = 0
And I found this: type=SYSCALL msg=audit(1508398680.127:110): arch=c000003e syscall=109 success=yes exit=0 a0=4715 a1=4715 a2=4715 a3=7fff08db5420 items=0 ppid=18196 pid=18197 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2 comm="sssd" exe="/usr/sbin/sssd" subj=unconfined_u:system_r:sssd_t:s0 key=(null) type=AVC msg=audit(1508398680.127:110): avc: denied { setpgid } for pid=18197 comm="sssd" scontext=unconfined_u:system_r:sssd_t:s0 tcontext=unconfined_u:system_r:sssd_t:s0 tclass=process
And info/warning is displayed on copr front page https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-15/
LS
sssd-users@lists.fedorahosted.org