October 2012 - sssd-users - Fedora Mailing-Lists

ldap_sasl_mech EXTERNAL and SSL client authc

by Michael Ströder

HI! Is it possible to use SASL/EXTERNAL when connecting to a LDAP server with StartTLS or LDAPS using client certs? In a project they have certs in all systems anyway (because of using puppet) and I'd like to let the sssd instances on all the systems authenticate to the LDAP server to restrict visibility of LDAP entries by ACL. I'd like to avoid having to set/configure passwords for each system's sssd. Ciao, Michael.

8 years, 8 months

5
22
0 / 0

A test repository with SSSD 1.9 for RHEL-6.3

by Jakub Hrozek

Hi, even though RHEL-6.4 is still brewing, I think there might be some interest in trying out the 1.9.x series of the SSSD on RHEL-6.3. So I went ahead and built the SSSD 1.9.2 in a RHEL-6.3 buildroot: http://repos.fedorapeople.org/repos/jhrozek/sssd/epel-6/ The NVR of these test packages will be lower than those in 6.4 to keep the upgrade path clean. The only missing functionality is the PAC responder, which means this SSSD version won't be able to work with an AD domain that is in a trust relationship with an IPA 3.x domain. I had to disable the PAC responder as it requires Kerberos 1.10. Because some new functionality required tweaking the SELinux policy, you will encounter AVC denials when the new fast cache is accessed. That said, my quick smoke testing went fine and we will be glad to hear test results or bug reports. Using the repository comes with a warning - this is NOT an official Red Hat supported repository. The packages have NOT gone through formal QA. If it breaks your RHEL-6.3 installation, you get to keep the pieces. This is the repo configuration I used: -------------------------- [sssd-1.9-RHEL6.3] name=SSSD 1.9.x built for latest stable RHEL baseurl=http://repos.fedorapeople.org/repos/jhrozek/sssd/epel-6/$basearch/ enabled=1 skip_if_unavailable=1 gpgcheck=0 [sssd-1.9-RHEL6.3-source] name=SSSD 1.9.x built for latest stable RHEL - Source baseurl=http://repos.fedorapeople.org/repos/jhrozek/sssd/epel-6/SRPMS enabled=0 skip_if_unavailable=1 gpgcheck=0 -------------------------- Happy testing!

10 years, 11 months

5
15
0 / 0

Re: [SSSD-users] startup problem

by Longina Przybyszewska

Hi again, Ubuntu-quantal - sssd-1.9.1 Can start sssd in interactive mode , but cannot start it from init scripts as a deamon with "-D -f -d3" options /etc/ssd/sssd.conf mode 600 longina -----Original Message----- From: sssd-users-bounces(a)lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Jakub Hrozek Sent: 18. oktober 2012 10:49 To: sssd-users(a)lists.fedorahosted.org Subject: Re: [SSSD-users] sssd and different repositories On Tue, Oct 16, 2012 at 01:25:00PM +0000, Longina Przybyszewska wrote: > Sure, but I guess with sssd it should be simpler ( if it is possible). > As me and Stephen said, with SSSD 1.9, the configuration is quite easy, no need for NIS. In combination with the realmd project, even joining the domain is quite simple. By the way here is our documentation on using the SSSD in an AD domain (that predates realmd): https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate... I just realized this document could have been better reachable from the front page so I also linked it from https://fedorahosted.org/sssd/wiki/Documentation _______________________________________________ sssd-users mailing list sssd-users(a)lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users

11 years, 1 month

5
14
0 / 0

sssd equivilent of nss_ldap nss_getgrent_skipmembers?

by Paul B. Henson

We're working on transitioning from RHEL5 to RHEL6 and have run into a bit of a problem with sssd and our ldap integration. We have a number of groups with a very large number of members, which took excessively long with nss_ldap to retrieve. We implemented the nss_getgrent_skipmembers feature for nss_ldap, got it accepted into the PADL upstream, talked Red Hat into backporting it, and have been using it for years. Basically, this feature allows you to not request the member attribute for a group lookup, the group shows up with no members. However, for the purposes of initgroups, membership is still taken into account and users belong to the correct groups. This works perfectly for our needs. Unfortunately, we have the exact same issue with sssd: # time getent group members [...] real 1m29.589s user 0m0.006s sys 0m0.003s # time getent group students [...] real 0m44.735s user 0m0.007s sys 0m0.002s # time id -a cpcrudo [...] real 2m14.719s In addition, any other lookups appear to be blocked during the delay, so the whole system is basically without naming services for minutes. Is there any way to emulate the behavior of nss_ldap with the nss_getgrent_skipmembers option enabled with sssd? If not, would there be any objection to adding such a feature? Thanks... -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson(a)csupomona.edu California State Polytechnic University | Pomona CA 91768

11 years, 1 month

4
14
0 / 0

Re: [SSSD-users] Different SSSD LDAP search filters for specific PAM services

by Tomas Brandysky

On 10/26/2012 11:41 AM, Jakub Hrozek wrote: > On Fri, Oct 26, 2012 at 11:10:45AM +0200, Tomas Brandysky wrote: >>> You can also use a comma-separated list in the ldap_access_order >>> parameter of sssd.conf and then define both service and host for a user. >>> >> >> this is not a solution because defining service for user in LDAP means >> to grant user access to this service not only on a particular server but >> on all servers the same user can access too (for example because of some >> other services). >> >> This is real scenario: >> >> - two servers both running openvpn and ssh services - both configured to >> authenticate users against LDAP >> >> - I want user "one" to have access to: >> - openvpn service on server1 >> - ssh service on server2 >> >> >> I'm not able to manage this with sssd even though I try it with comma- >> separated list in the ldap_access_order parameter. I don't think this >> scenario is so rare in other companies too. This is a quite common >> practice in larger companies maintaining dozens of servers and services >> to grant users access to specific services on specific servers only (as >> we can do easily with pam_ldap). >> >> I will be very surprised if many other companies won't request this >> feature being present in sssd if this is a new official way how to >> handle LDAP authentication in RHEL 6. >> >> >>> For a finer-grained access control, you probably want IPA's HBAC as >>> Sumit said. >> >> I got a look to at IPA's HBAC and it seems to be overkill to me. I can >> imagine such a solution in very large enterprises where kinda more >> sophisticated integrated security information management solution might >> come in handy. >> >> I think our company(as many others) will stick with "old" pam_ldap >> solution which was there working since RHEL4. At least until this >> feature is integrated to sssd. >> >> Tomas > > I'm sorry the current means of access control do not work for you. > > Unfortunately we have finite time and resources and the next 1.10 release > is already getting quite big. I would suggest raising a feature request > via the usual RHEL channels to bump the priority up. As we have valid RHEL support paid I will try to file such a request. > > Or, if you'd be willing to work with us and contribute a patch, I'll be > glad to help with getting you up to speed and getting the patch > accepted upstream. Thanks for making such a suggestion ;) but I'm not a developer not have time for that. I was just confronted with sssd in RHEL/Centos 6 as IT administrator and since I manage couple of production servers in midsize company using LDAP authentication and because I'm recently preparing our environment to move from Centos 5 to Centos 6 I was trying to find out how it's supposed to work "the new way". Tomas

11 years, 1 month

2
1
0 / 0

Re: [SSSD-users] Different SSSD LDAP search filters for specific PAM services

by Tomas Brandysky

On 10/25/2012 04:14 PM, Jakub Hrozek wrote: > On Thu, Oct 25, 2012 at 01:48:49PM +0200, Tomas Brandysky wrote: >> On 10/25/2012 11:36 AM, Sumit Bose wrote: >>> On Thu, Oct 25, 2012 at 10:36:05AM +0200, Tomas Brandysky wrote: >>>> Hello, >>>> >>>> we're upgrading from Centos 5.8 to Centos 6.3 and have realized few >>>> things have changed in the system. >>>> >>>> We're using LDAP authentication (nss_ldap package) on our Centos 5.8 >>>> servers and have different PAM ldap configuration files configured to be >>>> used for specific PAM services at the moment. >>>> >>>> Here is the example of our setup: >>>> >>>> /etc/pam.d/service1: >>>> auth sufficient pam_ldap.so config=/etc/ldap_service1.conf >>>> >>>> /etc/pam.d/service2: >>>> auth sufficient pam_ldap.so config=/etc/ldap_service2.conf >>>> >>>> Thus we can use specific LDAP filters for various different services as >>>> not all users having access to one service also have access to other >>>> services on the same server. >>>> >>>> Now we're facing the problem to manage the same functionality with >>>> System Security Services Daemon (SSSD) which was newly presented with >>>> RHEL 6. >>>> >>>> We didn't find out so far how to specify custom sssd configuration file >>>> (or specific part of the configuration section/domain) in PAM service >>>> configuration. According to documentation only these options can be >>>> specified when using pam_sss module: [forward_pass] [use_first_pass] >>>> [use_authtok]. >>>> >>>> None of them can be used to make a difference in a ldap filter to be used. >>>> >>>> Is there a way how to configure specific search filters depending on PAM >>>> service ? >>>> >>>> Thank you for any suggestion >>> >>> I think what you are looking for is covered in >>> https://fedorahosted.org/sssd/ticket/1021. >>> >> >> yes, that's exactly what I miss in sssd. >> I'm surprised such a feature isn't supported yet as the same goal could >> be accomplished in RHEL4/5 releases with older methods. I see this as a >> step back. Is there some real possibility to have this feature in some >> later release which could come as update in RHEL 6 ? > > I don't think we are tracking this feature request for RHEL6. If > you need the functionality in RHEL6, feel to propose it through the > support. > >> >>> If you only want to allow/deny access for specific users to specific >>> service you can add an attribute to the user objects in the LDAP server >>> listing the allowed PAM services and use ldap_user_authorized_service. >>> See sssd-ldap man page for details. >> >> I know about ldap_user_authorized_service but I need to specify a >> combination of service and host access. I can't effort to grant users >> access to ssh service globaly when they can access ssh only on some of >> dozens servers we have. >> > > You can also use a comma-separated list in the ldap_access_order > parameter of sssd.conf and then define both service and host for a user. > this is not a solution because defining service for user in LDAP means to grant user access to this service not only on a particular server but on all servers the same user can access too (for example because of some other services). This is real scenario: - two servers both running openvpn and ssh services - both configured to authenticate users against LDAP - I want user "one" to have access to: - openvpn service on server1 - ssh service on server2 I'm not able to manage this with sssd even though I try it with comma- separated list in the ldap_access_order parameter. I don't think this scenario is so rare in other companies too. This is a quite common practice in larger companies maintaining dozens of servers and services to grant users access to specific services on specific servers only (as we can do easily with pam_ldap). I will be very surprised if many other companies won't request this feature being present in sssd if this is a new official way how to handle LDAP authentication in RHEL 6. > For a finer-grained access control, you probably want IPA's HBAC as > Sumit said. I got a look to at IPA's HBAC and it seems to be overkill to me. I can imagine such a solution in very large enterprises where kinda more sophisticated integrated security information management solution might come in handy. I think our company(as many others) will stick with "old" pam_ldap solution which was there working since RHEL4. At least until this feature is integrated to sssd. Tomas

11 years, 1 month

2
1
0 / 0

Re: [SSSD-users] Different SSSD LDAP search filters for specific PAM services

by Tomas Brandysky

On 10/25/2012 11:36 AM, Sumit Bose wrote: > On Thu, Oct 25, 2012 at 10:36:05AM +0200, Tomas Brandysky wrote: >> Hello, >> >> we're upgrading from Centos 5.8 to Centos 6.3 and have realized few >> things have changed in the system. >> >> We're using LDAP authentication (nss_ldap package) on our Centos 5.8 >> servers and have different PAM ldap configuration files configured to be >> used for specific PAM services at the moment. >> >> Here is the example of our setup: >> >> /etc/pam.d/service1: >> auth sufficient pam_ldap.so config=/etc/ldap_service1.conf >> >> /etc/pam.d/service2: >> auth sufficient pam_ldap.so config=/etc/ldap_service2.conf >> >> Thus we can use specific LDAP filters for various different services as >> not all users having access to one service also have access to other >> services on the same server. >> >> Now we're facing the problem to manage the same functionality with >> System Security Services Daemon (SSSD) which was newly presented with >> RHEL 6. >> >> We didn't find out so far how to specify custom sssd configuration file >> (or specific part of the configuration section/domain) in PAM service >> configuration. According to documentation only these options can be >> specified when using pam_sss module: [forward_pass] [use_first_pass] >> [use_authtok]. >> >> None of them can be used to make a difference in a ldap filter to be used. >> >> Is there a way how to configure specific search filters depending on PAM >> service ? >> >> Thank you for any suggestion > > I think what you are looking for is covered in > https://fedorahosted.org/sssd/ticket/1021. > yes, that's exactly what I miss in sssd. I'm surprised such a feature isn't supported yet as the same goal could be accomplished in RHEL4/5 releases with older methods. I see this as a step back. Is there some real possibility to have this feature in some later release which could come as update in RHEL 6 ? > If you only want to allow/deny access for specific users to specific > service you can add an attribute to the user objects in the LDAP server > listing the allowed PAM services and use ldap_user_authorized_service. > See sssd-ldap man page for details. I know about ldap_user_authorized_service but I need to specify a combination of service and host access. I can't effort to grant users access to ssh service globaly when they can access ssh only on some of dozens servers we have. > > If you want more fine grained access control you might want to have a > look at the FreeIPA HBAC rules. ok, I've not heard about this. Will check it out. Thank you Tomas > > HTH > > bye, > Sumit > >> >> Regards >> >> Tomas Brandysky >> _______________________________________________ >> sssd-users mailing list >> sssd-users(a)lists.fedorahosted.org >> https://lists.fedorahosted.org/mailman/listinfo/sssd-users > _______________________________________________ > sssd-users mailing list > sssd-users(a)lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/sssd-users >

11 years, 1 month

3
2
0 / 0

Different SSSD LDAP search filters for specific PAM services

by Tomas Brandysky

Hello, we're upgrading from Centos 5.8 to Centos 6.3 and have realized few things have changed in the system. We're using LDAP authentication (nss_ldap package) on our Centos 5.8 servers and have different PAM ldap configuration files configured to be used for specific PAM services at the moment. Here is the example of our setup: /etc/pam.d/service1: auth sufficient pam_ldap.so config=/etc/ldap_service1.conf /etc/pam.d/service2: auth sufficient pam_ldap.so config=/etc/ldap_service2.conf Thus we can use specific LDAP filters for various different services as not all users having access to one service also have access to other services on the same server. Now we're facing the problem to manage the same functionality with System Security Services Daemon (SSSD) which was newly presented with RHEL 6. We didn't find out so far how to specify custom sssd configuration file (or specific part of the configuration section/domain) in PAM service configuration. According to documentation only these options can be specified when using pam_sss module: [forward_pass] [use_first_pass] [use_authtok]. None of them can be used to make a difference in a ldap filter to be used. Is there a way how to configure specific search filters depending on PAM service ? Thank you for any suggestion Regards Tomas Brandysky

11 years, 1 month

2
1
0 / 0

Re: [SSSD-users] sssd and different repositories

by Longina Przybyszewska

Sure, but I guess with sssd it should be simpler ( if it is possible). Longina From: sssd-users-bounces(a)lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Ondrej Valousek Sent: 16. oktober 2012 14:55 To: sssd-users(a)lists.fedorahosted.org Subject: Re: [SSSD-users] sssd and difrent repositories Yes, you can use your existing NIS servers for authorization AND use Kerberos for authentication - no need for sssd here. You just need to make sure all users in your NIS passwd table have also accounts in AD. Ondrej On 10/16/2012 02:25 PM, Longina Przybyszewska wrote: HI, Thanks, but actually I asked if I can use _Linux NIS_ server for authorization. You say I have to move NIS maps into AD and use Windows NIS – that means “no” ?. . All users at my site have accounts in AD, and in addition, Linux users have Linux accounts in respective NIS domains. In AD there are 3 domains for users accounts, in Linux, several other. Can WINdows NIS manage multi domains? I am not able to perform migration, as we have the Windows team dealing with MSWins and have to wait until they WILL do that. I have admin credentials but am not authorized to more than create user and computer account. Saying so – is there anything I can do now with sssd, in the existing env ironment, to improve authentication on Linux (using AD Kerberos for authentication and existing linux NIS server for the rest) ??? Best regards Longina Przybyszewska Systemprogrammør, IT Services Tel. +45 6550 2359 Mobile +45 6011 2359 Fax +45 6550 2467 Email longina(a)sdu.dk<mailto:longina@sdu.dk> Web http://www.sdu.dk/ansat/longina Addr. Campusvej 55, DK-5230 Odense M, Denmark [Description: C:\Documents and Settings\longina\Application Data\Microsoft\Signaturer\sduemaillogoUK.jpg] ________________________________ Campusvej 55 · DK-5230 Odense M · Denmark · Tel. +45 6550 1000 · www.sdu.dk<http://www.sdu.dk/> From: sssd-users-bounces(a)lists.fedorahosted.org<mailto:sssd-users-bounces@lists.fedorahosted.org> [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Ondrej Valousek Sent: 16. oktober 2012 13:14 To: End-user discussions about the System Security Services Daemon Subject: Re: [SSSD-users] sssd and difrent repositories Yes, it is. sssd will do the first task for you and for the second you need to install IDMU (Identity mgmt for Unix) and its migration assistant to migrate your maps into AD. Just note you will need Windows server 2003 R2 or newer for this (older AD schema is incompatible w/ sssd). Ondrej On 10/16/2012 12:21 PM, Longina Przybyszewska wrote: Hi list, I am going to set up proof-of -concept installation of Ubuntu (Precise) client/server using sssd to authenticate/authorize against Active Directory. At this moment everything seems to be a challenge - as I am exclusive (ok ;-) almost exclusive... ) hard core Linux user. As our Windows team is not ready with AD schema for Unix - my first exercise could be -get login/ssh authenticate (and change passwd) against AD -get uid/gid/auto.home map/shell from existing Linux NIS server Is my plan realistic ? Best regards Longina Przybyszewska Systemprogrammør, IT Services Tel. +45 6550 2359 Mobile +45 6011 2359 Fax +45 6550 2467 Email longina(a)sdu.dk<mailto:longina@sdu.dk> Web http://www.sdu.dk/ansat/longina Addr. Campusvej 55, DK-5230 Odense M, Denmark UNIVERSITY OF SOUTHERN DENMARK _______________________________________________________________ Campusvej 55 * DK-5230 * Odense M * Denmark * Tel. +45 6550 1000 * www.sdu.dk<http://www.sdu.dk> -----Original Message----- From: sssd-users-bounces(a)lists.fedorahosted.org<mailto:sssd-users-bounces@lists.fedorahosted.org> [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Jakub Hrozek Sent: 12. oktober 2012 22:40 To: sssd-devel(a)lists.fedorahosted.org<mailto:sssd-devel@lists.fedorahosted.org>; sssd-users(a)lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org>; freeipa-interest(a)redhat.com<mailto:freeipa-interest@redhat.com> Subject: [SSSD-users] Announcing SSSD 1.9.2 === SSSD 1.9.2 === The SSSD team is proud to announce the release of version 1.9.2 of the System Security Services Daemon. This is mostly a bugfix release again. I am going to branch off the 1.9 branch from master so that we can start including the 1.10 features in master. As always, the source is available from https://fedorahosted.org/sssd RPM packages will be made available for Fedora shortly, initially for F-18 and rawhide and later also backported to F-17. == Feedback == Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users == Highlights == * Users or groups from trusted domains can be retrieved by UID or GID as well * Several fixes that mitigate file descriptor leak during logins * SSH host keys are also removed from the cache after being removed from the server * Fix intermittent crash in responders if the responder was shutting down while requests were still pending * Catch an error condition that might have caused a tight loop in the sssd_nss process while refreshing expired enumeration request * Fixed memory hierarchy of subdomains discovery requests that caused use-after-free access bugs * The krb5_child and ldap_child processes can print libkrb5 tracing information in the debug logs == Tickets Fixed == https://fedorahosted.org/sssd/ticket/1008 Make sssd api conf file location configurable https://fedorahosted.org/sssd/ticket/1319 group lookups optimizations for IPA https://fedorahosted.org/sssd/ticket/1499 Add details about TGT validation to sssd-krb5 man page https://fedorahosted.org/sssd/ticket/1512 [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist https://fedorahosted.org/sssd/ticket/1514 [abrt] sssd-1.8.4-13.fc16: __GI_exit: Process /usr/libexec/sssd/sssd_pam was killed by signal 6 (SIGABRT) https://fedorahosted.org/sssd/ticket/1539 Collect Krb5 Trace on High Debug Levels https://fedorahosted.org/sssd/ticket/1551 sssd_nss process hangs, stuck in loop; "self restart" does recover, but old process hangs around using 100% CPU https://fedorahosted.org/sssd/ticket/1561 getting user/group entry by uid/gid sometimes fails https://fedorahosted.org/sssd/ticket/1569 Use pam_set_data to close the fd in the pam module https://fedorahosted.org/sssd/ticket/1571 sssd_nss intermittent crash https://fedorahosted.org/sssd/ticket/1574 SSH host keys are not being removed from the cache == Packaging Changes == * The libsss_sudo-devel package no longer contains the package-config file. The libsss_sudo-devel shared object has been moved to the libsss_sudo package. == Detailed Changelog == E Deon Lackey (1): * Fix language errors in the sssd-krb5.conf man page Jakub Hrozek (14): * Bumping the version to 1.9.1 release * Fix uninitialized pointer read in ssh_host_pubkeys_update_known_hosts * Fix segfault when ID-mapping an entry without a SID * Fix memory hierarchy in subdomains discovery * PAM: close socket fd with pam_set_data * Couple of specfile fixes * Remove libsss_sudo.pc and move libsss_sudo.so to libsss_sudo * Two fixes to child processes * Collect krb5 trace on high debug levels * PAM: fix handling the client fd in pam destructor * Create ghost users when a user DN is encountered in IPA * Only call krb5_set_trace_callback on platforms that support it * MAN: improve wording of default_domain parameter * Updating the translations for the 1.9.2 release Jan Cholasta (1): * SSH: When host keys are removed from LDAP, remove them from the cache as well Ondrej Kos (1): * Add more info about ticket validation Pavel Březina (3): * do not fail if POLLHUP occurs while reading data * do not call dp callbacks when responder is shutting down * nss_cmd_retpwent(): do not go into infinite loop if n < 0 Sumit Bose (3): * Save time of last get_domains request * Check for subdomains if getpwuid or getgrgid are the first requests * Allow extdom exop to return flat domain name as well Thorsten Scherf (1): * Fixed: translation bug Yuri Chornoivan (1): * Fix typos _______________________________________________ sssd-users mailing list sssd-users(a)lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org> https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list sssd-users(a)lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org> https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list sssd-users(a)lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org> https://lists.fedorahosted.org/mailman/listinfo/sssd-users

11 years, 1 month

2
1
0 / 0

Active Directory Integration test day coming up on Thursday, 2012-10-18

by Jakub Hrozek

Hi, The Fedora Test day scheduled for Thursday, October 18th is focused on Active Directory integration, in particular the realmd project and to some extent the Active Directory provider of the SSSD. This test day should be of particular interest to admins who manage Linux boxes enrolled in an Active Directory domain. As usual, join us in #fedora-test-day on FreeNode IRC. All the test instructions are on the wiki: https://fedoraproject.org/wiki/Test_Day:2012-10-18_Active_Directory See the full feature page at if you'd like to learn more about the feature: http://fedoraproject.org/wiki/Features/ActiveDirectory If you are interested and have the spare cycles, please join us during this Fedora Test day and help us make sure that Fedora 18 works with Active Directory out of the box!

11 years, 1 month

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

sssd-users October 2012