Hi
1.12.5 is now available in Debian Sid and has been backported for Ubuntu 14.04 on the ppa:
https://launchpad.net/~sssd/+archive/ubuntu/updates
feel free to give it a go.
Hello Timo,
Perfect timing, I was just starting testing of SSSD (v1.11.5) on Ubuntu 14.04 LTS last night.
Several quesitons, if you can assist as more familiar with (RHEL):
1) Ubuntu 14.04 - for modifying DNS nameserver, what is the correct place to start changes as there are resolvconf, dnsmasq, Network Manager ? DNS nameserver changes in Ubuntu completely mess me up.
2) Ubuntu 14.04 - Samba and winbind are installed, should they be removed before setting up SSSD?
3) SSSD 1.12.5 will be installed with "sudo apt-get install sssd"?
4) For automatic user directory creation, is the correct process to use oddjob_mkhomedir or pam_mkhomedir?
Frank
On Mon, Jun 15, 2015 at 3:05 PM, Timo Aaltonen tjaalton@ubuntu.com wrote:
Hi
1.12.5 is now available in Debian Sid and has been backported for Ubuntu 14.04 on the ppa:
https://launchpad.net/~sssd/+archive/ubuntu/updates
feel free to give it a go.
-- t _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Tue, Jun 16, 2015 at 02:34:38PM -0400, Frank Pikelner wrote:
- Ubuntu 14.04 - Samba and winbind are installed, should they be removed
before setting up SSSD?
You should pick one method for retrieving users and authenticating and stick with it. Mixing sssd and winbind might produce inconsistent results ie with ID mapping.
On 16.06.2015 21:34, Frank Pikelner wrote:
Hello Timo,
Perfect timing, I was just starting testing of SSSD (v1.11.5) on Ubuntu 14.04 LTS last night.
Several quesitons, if you can assist as more familiar with (RHEL):
- Ubuntu 14.04 - for modifying DNS nameserver, what is the correct
place to start changes as there are resolvconf, dnsmasq, Network Manager ? DNS nameserver changes in Ubuntu completely mess me up.
normally it comes from DCHP meaning you don't have to touch any files on the client (which uses network-manager by default)..
- Ubuntu 14.04 - Samba and winbind are installed, should they be
removed before setting up SSSD?
no
- SSSD 1.12.5 will be installed with "sudo apt-get install sssd"?
after enabling the ppa, yes
- For automatic user directory creation, is the correct process to
use oddjob_mkhomedir or pam_mkhomedir?
pam_oddjob_mkhomedir is not available in Ubuntu, so pam_mkhomedir
Hello Timo,
Just to follow up, I've been running SSSD 1.12.5 on Ubuntu 14.04 LTS using the AD provider without issues. For DNS the configuration was done in Network Manager (not /etc/resolv.conf as it is managed by resolvconf). The only issue I had was ensuring the /etc/hosts hostname entry matched FQDN hostname.
authentication working
pam_mkhomedir works
sudo works for AD users
Best,
Frank
On Thu, Jun 18, 2015 at 6:32 AM, Timo Aaltonen tjaalton@ubuntu.com wrote:
On 16.06.2015 21:34, Frank Pikelner wrote:
Hello Timo,
Perfect timing, I was just starting testing of SSSD (v1.11.5) on Ubuntu 14.04 LTS last night.
Several quesitons, if you can assist as more familiar with (RHEL):
- Ubuntu 14.04 - for modifying DNS nameserver, what is the correct
place to start changes as there are resolvconf, dnsmasq, Network Manager ? DNS nameserver changes in Ubuntu completely mess me up.
normally it comes from DCHP meaning you don't have to touch any files on the client (which uses network-manager by default)..
- Ubuntu 14.04 - Samba and winbind are installed, should they be
removed before setting up SSSD?
no
- SSSD 1.12.5 will be installed with "sudo apt-get install sssd"?
after enabling the ppa, yes
- For automatic user directory creation, is the correct process to
use oddjob_mkhomedir or pam_mkhomedir?
pam_oddjob_mkhomedir is not available in Ubuntu, so pam_mkhomedir
-- t _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Mon, Jun 22, 2015 at 10:11:28AM -0400, Frank Pikelner wrote:
Hello Timo,
Just to follow up, I've been running SSSD 1.12.5 on Ubuntu 14.04 LTS using the AD provider without issues. For DNS the configuration was done in Network Manager (not /etc/resolv.conf as it is managed by resolvconf). The only issue I had was ensuring the /etc/hosts hostname entry matched FQDN hostname.
authentication working
pam_mkhomedir works
sudo works for AD users
Perfect, thanks a lot for reporting the good news!
I wonder if there are parts in the setup that you think are worth writing up in some howto or tutorial? We have the SSSD+AD setup documented well on the wiki: https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server
But maybe there are some Ubuntu-specific tools you used to set up NSS and PAM?
Hello Jakob,
I've been documenting my configuration steps along the way with differences for each Linux distribution into a single document. The information has been taken from multiple HOWTO sites and I have been documenting sources in the appendix. The document is still a work in progress (currently working on getting SUSE 11 working), but I would be happy to share the document with anyone interested in providing feedback suggestions or simply wanting to use it for their own work.
The document is on Google Drive, please let me know a convenient format and I can provide.
Frank
On Mon, Jun 22, 2015 at 11:22 AM, Jakub Hrozek jhrozek@redhat.com wrote:
On Mon, Jun 22, 2015 at 10:11:28AM -0400, Frank Pikelner wrote:
Hello Timo,
Just to follow up, I've been running SSSD 1.12.5 on Ubuntu 14.04 LTS
using
the AD provider without issues. For DNS the configuration was done in Network Manager (not /etc/resolv.conf as it is managed by resolvconf).
The
only issue I had was ensuring the /etc/hosts hostname entry matched FQDN hostname.
authentication working
pam_mkhomedir works
sudo works for AD users
Perfect, thanks a lot for reporting the good news!
I wonder if there are parts in the setup that you think are worth writing up in some howto or tutorial? We have the SSSD+AD setup documented well on the wiki: https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server
But maybe there are some Ubuntu-specific tools you used to set up NSS and PAM? _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On (22/06/15 13:59), Frank Pikelner wrote:
Hello Jakob,
I've been documenting my configuration steps along the way with differences for each Linux distribution into a single document. The information has been taken from multiple HOWTO sites and I have been documenting sources in the appendix. The document is still a work in progress (currently working on getting SUSE 11 working), but I would be happy to share the document with anyone interested in providing feedback suggestions or simply wanting to use it for their own work.
Could you provide even the WIP version? We can review it and give some advices/hints how to improve/simplify it.
LS
Yes, can/will provide document. Just let me know how you prefer to get it.
On Mon, Jun 22, 2015 at 2:24 PM, Lukas Slebodnik lslebodn@redhat.com wrote:
On (22/06/15 13:59), Frank Pikelner wrote:
Hello Jakob,
I've been documenting my configuration steps along the way with
differences
for each Linux distribution into a single document. The information has been taken from multiple HOWTO sites and I have been documenting sources
in
the appendix. The document is still a work in progress (currently working on getting SUSE 11 working), but I would be happy to share the document with anyone interested in providing feedback suggestions or simply wanting to use it for their own work.
Could you provide even the WIP version? We can review it and give some advices/hints how to improve/simplify it.
LS _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
I've shared the WIP document with those that were interested. If anyone else would like to review/comments, please let me know and I'll share the document.
As the document may be useful to other, if you have an interesting setup, it may be useful to document your settings/configurations, especially with those that have large deployments.
On Mon, Jun 22, 2015 at 5:08 PM, Jakub Hrozek jhrozek@redhat.com wrote:
On Mon, Jun 22, 2015 at 03:28:50PM -0400, Frank Pikelner wrote:
Yes, can/will provide document. Just let me know how you prefer to get
it.
Feel free to send it as an attachment.
Or, for a more direct editing maybe we could use something like an etherpad/piratepad/etc? _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Wed, Jun 24, 2015 at 09:13:18PM -0400, Frank Pikelner wrote:
I've shared the WIP document with those that were interested. If anyone else would like to review/comments, please let me know and I'll share the document.
Yep, thanks, I added some notes.
As the document may be useful to other, if you have an interesting setup, it may be useful to document your settings/configurations, especially with those that have large deployments.
I'll add a tl;dr version of the reply to your private e-mail here: Thank you very much, your work is extremely useful. I would like to merge it at least partially with our existing AD provider document at: https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server
Hello Jakub,
By all means, please merge any portion of the document you feel is useful. I would like to keep expanding the document to include other distributions/configuraiton to make it easier for others to start using SSSD. My next step will be to learn and expand information on LDAP provider configuration as I see there are many using it.
Best,
Frank
On Thu, Jun 25, 2015 at 4:24 AM, Jakub Hrozek jhrozek@redhat.com wrote:
On Wed, Jun 24, 2015 at 09:13:18PM -0400, Frank Pikelner wrote:
I've shared the WIP document with those that were interested. If anyone else would like to review/comments, please let me know and I'll share the document.
Yep, thanks, I added some notes.
As the document may be useful to other, if you have an interesting setup, it may be useful to document your settings/configurations, especially
with
those that have large deployments.
I'll add a tl;dr version of the reply to your private e-mail here: Thank you very much, your work is extremely useful. I would like to merge it at least partially with our existing AD provider document at: https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Thu, Jun 25, 2015 at 08:39:28AM -0400, Frank Pikelner wrote:
Hello Jakub,
By all means, please merge any portion of the document you feel is useful. I would like to keep expanding the document to include other distributions/configuraiton to make it easier for others to start using SSSD. My next step will be to learn and expand information on LDAP provider configuration as I see there are many using it.
Hmm, do you plan on adding documentation on LDAP provider configured with AD server? Then we need to choose the wording carefully; I would say that should only be used with old SSSD versions or in situations where GSSAPI bind with keytab is not possible and you need to use simple bind with a DN and password..
sssd-users@lists.fedorahosted.org