BSI wiki

User Tools

Site Tools

Trace: mise_en_place_de_sssd
mise_en_place_de_sssd

This is an old revision of the document!

Bascule de l’authentification sur sssd

dixit Guillaume Seith “ça permet d’avoir un cache local des utilisateurs. Comme ça, même si les serveurs d’authentifications ne sont pas joignables ça ne pose pas de problème.”

La “home directory” est toujours sous labo4

Voici les manipulations de Guillaume :

  1. Création du fichier /etc/sssd/sssd.conf (le fichier d'une machine existante)
  2. apt-get remove libnss-ldap
  3. apt-get install sssd oddjob-mkhomedir
  4. ajouter sss comme source pour login et mot de passe dans /etc/nsswitch.conf
  5. vérifier que dans le fichier /etc/pam.d/common-session la ligne suivante a été supprimé ou est en commentaire : session required pam_mkhomedir.so umask=0022 skel=/etc/skel

============================================= /etc/nsswitch.conf

# # /etc/nsswitch.conf # # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # The entry '[NOTFOUND=return]' means that the search for an # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Valid entries include: # # nisplus Use NIS+ (NIS version 3) # nis Use NIS (NIS version 2), also called YP # dns Use DNS (Domain Name Service) # files Use the local files # db Use the local database (.db) files # compat Use NIS on compat mode # hesiod Use Hesiod for user lookups # [NOTFOUND=return] Stop searching if not found so far #

# To use db, put the “db” in front of “files” for entries you want to be # looked up first in the databases # # Example: #passwd: db files nisplus nis #shadow: db files nisplus nis #group: db files nisplus nis

passwd: files ldap sss shadow: files ldap sss group: files ldap sss

#hosts: db files nisplus nis dns hosts: files dns

# Example - obey only what nisplus tells us… #services: nisplus [NOTFOUND=return] files #networks: nisplus [NOTFOUND=return] files #protocols: nisplus [NOTFOUND=return] files #rpc: nisplus [NOTFOUND=return] files #ethers: nisplus [NOTFOUND=return] files #netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files netmasks: files networks: files protocols: files rpc: files services: files sss

netgroup: nisplus sss

publickey: nisplus

automount: files ldap #automount: files aliases: files nisplus

sudoers: files sss

============================================= /etc/sssd/sssd.conf

============================================= /etc/pam.d/common-session

mise_en_place_de_sssd.1485516901.txt.gz · Last modified: (external edit)