#3590 proxy to files does not work with implicit_files_domain
Closed: Fixed 2 years ago Opened 2 years ago by lslebodn.

Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1479283

Description of problem:

Please, update blog post:

I upgraded from F25 to F26 and I needed workaround for automatic kinit after

Version-Release number of selected component (if applicable):

My workaround:

If you have the same name of your local user as your kerberos user,
you can use this configuration of SSSD to reach atomatic `kinit` during
login proccess.

$ cat /etc/sssd/sssd.conf
domains = redhat.com
config_file_version = 2
services = nss,pam,ifp
default_domain_suffix = redhat.com

#debug_level = 10

id_provider = proxy
proxy_lib_name = files

auth_provider = krb5
krb5_server = kerberos01.core.prod.int.ams2.redhat.com:88
krb5_realm = REDHAT.COM
krb5_store_password_if_offline = True

cache_credentials = True

Setup pam stack:
$ authconfig --enablenis --enablesssd --enablesssdauth --update

And reset SSSD:
$ systemctl restart sssd

When Lukas Slebodnik asked me for crating this BZ, he would like to see:
$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
# Valid entries include:
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:      files nis sss systemd
shadow:     files nis sss
group:       files nis sss systemd
#initgroups: files

#hosts:     db files nisplus nis dns
hosts:      files mdns4_minimal [NOTFOUND=return] nis dns myhostname

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files nis sss

publickey:  nisplus

automount:  files nis sss
aliases:    files nisplus

Metadata Update from @lslebodn:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1479283

2 years ago

Metadata Update from @lslebodn:
- Issue set to the milestone: None

2 years ago

Metadata Update from @lslebodn:
- Issue tagged with: PR

2 years ago

Metadata Update from @lslebodn:
- Custom field version adjusted to 1.15.1

2 years ago

Metadata Update from @lslebodn:
- Issue close_status updated to: Fixed
- Issue set to the milestone: SSSD 1.16.1

2 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4613

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.