SSSD AD authentication and ubuntu 18.04

Jame_s

has anybody got this working?
from a clean install i followed this link
https://help.ubuntu.com/lts/serverguide/sssd-ad.html
and i have getent passwd working but when i try to su to the user it just stops. if i restart the sssd service it will cause su to return
su: Authentication service cannot retrieve authentication info.
any ideas anybody?

Obsolesce

It works great in Fedora as of today. Just not with Samba.

Something with something broke recently... with Samba not starting when joined to an MS AD Domain with SSSD, causing me to switch from SSSD to Winbind.

Jame_s

what a waste of time. i canned it and went with centrify express, worked 1st time.

Obsolesce

@jame_s said in SSSD AD authentication and ubuntu 18.04:

what a waste of time. i canned it and went with centrify express, worked 1st time.

Yeah third party software works. I used to use PowerBrokers Identity Services from BeyondTrust... that worked great...

But, it's third party non-open source software.

Now I simply use realmd and winbind:
https://www.timothygruber.com/linux/samba-file-server-with-microsoft-ad/#Install_Packages

Very easy to do and I know winbind is reliable. The issues I had before was with SSSD, which there's really no benefit over Winbind.

pmoncho

@obsolesce said in SSSD AD authentication and ubuntu 18.04:

@jame_s said in SSSD AD authentication and ubuntu 18.04:

what a waste of time. i canned it and went with centrify express, worked 1st time.

Yeah third party software works. I used to use PowerBrokers Identity Services from BeyondTrust... that worked great...

But, it's third party non-open source software.

Now I simply use realmd and winbind:
https://www.timothygruber.com/linux/samba-file-server-with-microsoft-ad/#Install_Packages

Were you able to get nested groups from AD to work properly on the Samba shares without PowerBroker's software?

Side-note - I never did get a chance to play with that. To much upgrading over the last few months.

Obsolesce

@pmoncho said in SSSD AD authentication and ubuntu 18.04:

@obsolesce said in SSSD AD authentication and ubuntu 18.04:

@jame_s said in SSSD AD authentication and ubuntu 18.04:

what a waste of time. i canned it and went with centrify express, worked 1st time.

Yeah third party software works. I used to use PowerBrokers Identity Services from BeyondTrust... that worked great...

But, it's third party non-open source software.

Now I simply use realmd and winbind:
https://www.timothygruber.com/linux/samba-file-server-with-microsoft-ad/#Install_Packages

Were you able to get nested groups from AD to work properly on the Samba shares without PowerBroker's software?

Side-note - I never did get a chance to play with that. To much upgrading over the last few months.

Yes nested groups work in Samba.

What does it show if you enter the command: id [email protected]?

pmoncho

@obsolesce said in SSSD AD authentication and ubuntu 18.04:

@pmoncho said in SSSD AD authentication and ubuntu 18.04:

@obsolesce said in SSSD AD authentication and ubuntu 18.04:

@jame_s said in SSSD AD authentication and ubuntu 18.04:

what a waste of time. i canned it and went with centrify express, worked 1st time.

Yeah third party software works. I used to use PowerBrokers Identity Services from BeyondTrust... that worked great...

But, it's third party non-open source software.

Now I simply use realmd and winbind:
https://www.timothygruber.com/linux/samba-file-server-with-microsoft-ad/#Install_Packages

Were you able to get nested groups from AD to work properly on the Samba shares without PowerBroker's software?

Side-note - I never did get a chance to play with that. To much upgrading over the last few months.

Yes nested groups work in Samba.

What does it show if you enter the command: id [email protected]?

I don't have that server running at the moment but will check as soon as I can.

pmoncho

@obsolesce said in SSSD AD authentication and ubuntu 18.04:

@pmoncho said in SSSD AD authentication and ubuntu 18.04:

@obsolesce said in SSSD AD authentication and ubuntu 18.04:

@jame_s said in SSSD AD authentication and ubuntu 18.04:

what a waste of time. i canned it and went with centrify express, worked 1st time.

Yeah third party software works. I used to use PowerBrokers Identity Services from BeyondTrust... that worked great...

But, it's third party non-open source software.

Now I simply use realmd and winbind:
https://www.timothygruber.com/linux/samba-file-server-with-microsoft-ad/#Install_Packages

Were you able to get nested groups from AD to work properly on the Samba shares without PowerBroker's software?

Side-note - I never did get a chance to play with that. To much upgrading over the last few months.

Yes nested groups work in Samba.

What does it show if you enter the command: id [email protected]?

Booted up the server yesterday and it only has ubuntu 16.04.
id [email protected] - no such user

I am going to use your notes and build a new server with Fedora and see if I have any sticking points.

Ultimate goal - We use a linux fax server that puts pdf's into each users folder on the share based on the phone number. I am trying to figure out how lock down each users folder using RBAC with nested groups from AD. If that's possible at all.

Trying to move away from Windows in the future. Don't know how successful I will be.