Differences

This shows you the differences between two versions of the page.

--- linux:pam_users [2021/01/22 19:43]
manu created
+++ linux:pam_users [2022/11/07 16:28] (current)
manu
@@ Line 1: / Line 1: @@
 ====== Config PAM on linux ======
-Debug PAM:
+==== Example of sssd.conf file ====
+<cli prompt='#'>
+[root@LINUX10 ~]# cat /etc/sssd/sssd.conf
+[sssd]
+default_domain_suffix = ad.domain.lu
+domains = ad.domain.lu
+config_file_version = 2
+services = nss, pam
+[domain/ad.domain.lu]
+ad_domain = ad.domain.lu
+krb5_realm = AD.DOMAIN.LU
+realmd_tags = manages-system joined-with-adcli
+cache_credentials = True
+id_provider = ad
+krb5_store_password_if_offline = True
+default_shell = /bin/bash
+ldap_id_mapping = True
+use_fully_qualified_names = True
+fallback_homedir = /home/%u@%d
+access_provider = simple
+simple_allow_groups = LINUX-ALL-SUDO@ad.domain.lu, LINUX-MYSQL-USER@ad.domain.lu
+</cli>
+==== Debug PAM: ====
+=== 1° solution ===
+Add to the end of file **/etc/sssd/sssd.conf** the following lines
+<cli>
+[pam]
+debug_level = 9
+</cli>
+Logs are located into /var/log/sssd/, and also /var/log/secure
+=== 2° solution ===
 Add debug to /etc/pam.d/*
@@ Line 9: / Line 48: @@
 *.debug      /var/log/debug.log
+==== start SSSD in debug ====
+<cli prompt='#'>
+# sssd -d4
+[sssd] [ldb] (3): server_sort:Unable to register control with rootdse!
+[sssd] [confdb_get_domains] (0): No domains configured, fatal error!
+[sssd] [get_monitor_config] (0): No domains configured.
+</cli>
+==== Check SElinux config ====
+https://jfearn.fedorapeople.org/fdocs/en-US/Fedora_Draft_Documentation/0.1/html/System_Administrators_Guide/SSSD-Troubleshooting.htmlhttps://jfearn.fedorapeople.org/fdocs/en-US/Fedora_Draft_Documentation/0.1/html/System_Administrators_Guide/SSSD-Troubleshooting.html
+==== Clear sssd cache ====
+To clear sssd cache for single user
+<cli promt='#'>
+# sss_cache -u user1
+</cli>
+To clear sssd cache for all users
+<cli promt='#'>
+# sss_cache -E
+</cli>
+==== Delete sssd cache ====
+Before doing this it is suggested that the SSSD service be stopped.
+<cli promt='#'>
+# systemctl stop sssd
+</cli>
+After this we want to delete all files within the /var/lib/sss/db/ directory.
+<cli promt='#'>
+# rm -rf /var/lib/sss/db/*
+</cli>
+Once complete we can start SSSD back up again.
+<cli promt='#'>
+# systemctl restart sssd
+</cli>
+==== Use AD UID and GID ====
+By default, the AD provider will map UID and GID values from the objectSID parameter in Active Directory.
+For details on this, see the “ID MAPPING” section below.
+If you want to disable ID mapping and instead rely on POSIX attributes defined in Active Directory, you should set
+  ldap_id_mapping = False
+SSSD configuration would depend on what attributes are used in AD. The defaults for UID and GID are **uidNumber** and **gidNumber**, but some defaults change based on which version of SSSD you are running. Check the manpage for the release you are using.

wiki

User Tools

Site Tools

Differences

Page Tools