https://www.bencode.io/tags/nss/ Recent content in Nss on Benny Simmonds Hugo -- 0.149.1 en-us Fri, 04 Jan 2019 11:10:10 +0000 https://www.bencode.io/posts/2019-01-04-directory-services/ Fri, 04 Jan 2019 11:10:10 +0000 https://www.bencode.io/posts/2019-01-04-directory-services/ <p>Providing SSO by integrating Linux (or FreeBSD) with a directory service, like Microsoft Active Directory (AD), is no where as daunting as it once was, and highlights some fascinating subsystems that enable users to be defined from a variety of data sources (such as LDAP) other than just the traditional <code>/etc/passwd</code> file.</p> <ul> <li><a href="#initial-setup">Initial setup</a></li> <li><a href="#kerberos">Kerberos</a> <ul> <li><a href="#create-service-keytab-on-ad">Create service keytab on AD</a></li> </ul> </li> <li><a href="#system-security-services-daemon-sssd">System Security Services Daemon (sssd)</a></li> <li><a href="#name-service-switch-nss">Name Service Switch (nss)</a></li> <li><a href="#pam-pluggable-authentication-module">PAM (Pluggable Authentication Module)</a></li> <li><a href="#testing">Testing</a> <ul> <li><a href="#listing-users">Listing Users</a></li> <li><a href="#listing-groups">Listing Groups</a></li> <li><a href="#id">id</a></li> </ul> </li> <li><a href="#troubleshooting">Troubleshooting</a> <ul> <li><a href="#samba-smbd-join-issues">Samba (smbd) Join Issues</a></li> <li><a href="#clock-synchronisation-issues">Clock Synchronisation Issues</a></li> <li><a href="#clearing-sssd-cache">Clearing SSSD Cache</a></li> </ul> </li> <li><a href="#end-to-end-script-for-ansible">End to end script (for Ansible)</a></li> </ul> <h1 id="initial-setup">Initial setup</h1> <p>Update <code>/etc/resolv.conf</code> to bind to the AD DNS server. This will enable <code>realmd</code> to discover and join the active directory domain (i.e. kerberos realm).</p>