Hi there,
I am new to sssd. I have setup a CentOS sssd (1.8.0) and
LDAP authentication. The LDAP stuff seems to work. I want
to restrict logins to users of certain netgroups. Usually
we do this with "compat" in /etc/nsswitch.conf and entries
like "+@groupname" in /etc/passwd.
Does this mechanism work with sssd? Right now I have:
passwd: files sss
shadow: files sss
group: files sss
and it seems that all users from the users LDAP subtree could
login, "getent passwd" shows all LDAP users.
If I change this to
passwd: compat
shadow: compat
group: compat
passwd_compat: sss
group_compat: sss
"getent passwd" only shows local users from the passwd file.
Thanks for any help,
Olaf
--
Olaf Gellert email gellert(a)dkrz.de
Deutsches Klimarechenzentrum GmbH phone +49 (0)40 460094 214
Bundesstrasse 45a fax +49 (0)40 460094 270
D-20146 Hamburg, Germany www
http://www.dkrz.de
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Prof. Dr. Thomas Ludwig
Registergericht: Amtsgericht Hamburg, HRB 39784