mastodontech.de ist einer von vielen unabhängigen Mastodon-Servern, mit dem du dich im Fediverse beteiligen kannst.
Offen für alle (über 16) und bereitgestellt von Markus'Blog

Serverstatistik:

1,4 Tsd.
aktive Profile

#sssd

0 Beiträge0 Beteiligte0 Beiträge heute
Strypey<p>I'm <a href="https://mastodon.nzoss.nz/tags/listening" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>listening</span></a> to the latest mix from SSSD (kia ora e hoa!);</p><p><a href="https://www.freefm.org.nz/Programmes/Details.aspx?PID=97468cee-0f3c-4451-952a-8d2473baa59e" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">freefm.org.nz/Programmes/Detai</span><span class="invisible">ls.aspx?PID=97468cee-0f3c-4451-952a-8d2473baa59e</span></a></p><p>He drops a sample from a rah-rah post-WW2 film uses the phrase "future citizen's" to describe children in public education. That's some aspirational language. We could use a bit of that.</p><p>(2/?)</p><p><a href="https://mastodon.nzoss.nz/tags/podcasts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podcasts</span></a> <a href="https://mastodon.nzoss.nz/tags/FreeFM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeFM</span></a> <a href="https://mastodon.nzoss.nz/tags/Deep" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Deep</span></a>#InSessioNZ <a href="https://mastodon.nzoss.nz/tags/SSSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSSD</span></a> <a href="https://mastodon.nzoss.nz/tags/music" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>music</span></a> <a href="https://mastodon.nzoss.nz/tags/electronic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>electronic</span></a></p>
ADMIN magazine<p>ICYMI: <span class="h-card" translate="no"><a href="https://fosstodon.org/@tscherf" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tscherf</span></a></span> examines Winbind v4.17 and how the logging service has improved the ability of Linux systems to join an Active Directory domain<br><a href="https://www.admin-magazine.com/Archive/2024/83/Improved-logging-in-Samba-Winbind" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">admin-magazine.com/Archive/202</span><span class="invisible">4/83/Improved-logging-in-Samba-Winbind</span></a><br><a href="https://hachyderm.io/tags/Samba" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Samba</span></a> <a href="https://hachyderm.io/tags/Windbind" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windbind</span></a> <a href="https://hachyderm.io/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://hachyderm.io/tags/ActiveDirectory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ActiveDirectory</span></a> <a href="https://hachyderm.io/tags/SSSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSSD</span></a> <a href="https://hachyderm.io/tags/tools" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tools</span></a> <a href="https://hachyderm.io/tags/NSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSS</span></a></p>
Sven Geggus<p><a href="https://karlsruhe-social.de/tags/sssd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sssd</span></a> anybody? Is it possible to tell the daemon that the TGT provider is now online eg. after VPN has been connected?</p>
Howard Chu @ Symas<p><span class="h-card" translate="no"><a href="https://mamot.fr/@CyrilBrulebois" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>CyrilBrulebois</span></a></span> &gt;While <a href="https://mastodon.social/tags/sssd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sssd</span></a> supports settings for the CA certs directory, those aren't actually used</p><p>Sounds like an sssd bug, they could easily use ldap_set_option() to make libldap use their CA cert settings.</p>
BSI WID Advisories Feed<p><a href="https://social.adlerweb.info/tags/BSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSI</span></a> WID-SEC-2024-0930: [NEU] [mittel] <a href="https://social.adlerweb.info/tags/Red" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Red</span></a> <a href="https://social.adlerweb.info/tags/Hat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hat</span></a> <a href="https://social.adlerweb.info/tags/Enterprise" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Enterprise</span></a> <a href="https://social.adlerweb.info/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> (<a href="https://social.adlerweb.info/tags/sssd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sssd</span></a>): Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen</p><p>Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Sicherheitsvorkehrungen zu umgehen.</p><p><a href="https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0930" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">wid.cert-bund.de/portal/wid/se</span><span class="invisible">curityadvisory?name=WID-SEC-2024-0930</span></a></p>
Cyril Brulebois<p>While <a href="https://mamot.fr/tags/sssd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sssd</span></a> supports settings for the CA certs directory, those aren't actually used, and the TLS connection to the LDAP is delegated to <a href="https://mamot.fr/tags/openldap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openldap</span></a> functions, which require… /etc/ldap/ldap.conf to point somewhere. Without that file, the server certificate is not trusted…</p><p>And while libldap-common was pulled via the libldap-&lt;ABI&gt; library which was itself pulled by sssd-ldap in Debian 10, that's no longer the case in Debian 11.</p>
Cyril Brulebois<p>Today's fun: <a href="https://mamot.fr/tags/sssd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sssd</span></a> deployed on Debian 10 works fine once ca-certificates is tweaked to include the internal CA; but doesn't on Debian 11 with the exact same playbook.</p><p>Weird “Unknown error code” in the TLS layer — THANK YOU SO MUCH CRYPTOGRAPHERS FOR ACCURATE ERROR REPORTING.</p>
christian mock<p>Is anyone using sssd with AD on ubuntu and getting weird, intermittent and machine-dependent ID mapping failures (for users and groups)? And maybe even has a solution?</p><p><a href="https://chaos.social/tags/sssd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sssd</span></a></p>
furicle<p>Looking for info <a href="https://mastodon.social/tags/alma" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>alma</span></a> <a href="https://mastodon.social/tags/rocky" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rocky</span></a> <a href="https://mastodon.social/tags/rhel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rhel</span></a> in AD and using as a file server.</p><p>RHEL docs seem to say <a href="https://mastodon.social/tags/sssd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sssd</span></a> is the preferred way to join domain, but they don't explain how to use sssd and NOT <a href="https://mastodon.social/tags/winbind" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>winbind</span></a> for <a href="https://mastodon.social/tags/smb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smb</span></a> </p><p>Can you use smb file shares with WIndows permissions and not use the winbind method to join AD?</p>