cloud engineer
by Ulysses
If you have SSSD running and the default shell is ksh even with the default shell set to bash.
Here’s the fix to override the default shell in /etc/sssd/sssd.conf. Add override_shell.
default_shell = /bin/bash override_shell = /bin/bash |
default_shell = /bin/bash override_shell = /bin/bash
To check which shell you are using.
echo $SHELL /bin/bash |
echo $SHELL /bin/bash
by Ulysses
Generate a SSSD report.
#!/bin/bash log="log" > $log sep () { echo "--------------------------------" >> $log; } sep echo "SSSD Status" >> $log sep systemctl status sssd >> $log sep echo "Contents of /etc/resolv.conf" >> $log sep cat /etc/resolv.conf >> $log sep echo "Contents of /etc/sssd/sssd.conf" >> $log sep cat /etc/sssd/sssd.conf >> $log sep echo "Versions of /etc/resolv.conf" >> $log sep ls -l /etc/resolv.conf* >> $log sep echo "Versions of /etc/sssd/sssd.conf" >> $log sep ls -l /etc/sssd/sssd.conf* >> $log sep echo "Contents of /var/log/sssd-rollout.log" >> $log sep cat /var/log/sssd-rollout.log >> $log sep echo "Contents of /var/log/sssd-rollout3.log" >> $log sep cat /var/log/sssd-rollout3.log >> $log sep |
#!/bin/bash log="log" > $log sep () { echo "--------------------------------" >> $log; } sep echo "SSSD Status" >> $log sep systemctl status sssd >> $log sep echo "Contents of /etc/resolv.conf" >> $log sep cat /etc/resolv.conf >> $log sep echo "Contents of /etc/sssd/sssd.conf" >> $log sep cat /etc/sssd/sssd.conf >> $log sep echo "Versions of /etc/resolv.conf" >> $log sep ls -l /etc/resolv.conf* >> $log sep echo "Versions of /etc/sssd/sssd.conf" >> $log sep ls -l /etc/sssd/sssd.conf* >> $log sep echo "Contents of /var/log/sssd-rollout.log" >> $log sep cat /var/log/sssd-rollout.log >> $log sep echo "Contents of /var/log/sssd-rollout3.log" >> $log sep cat /var/log/sssd-rollout3.log >> $log sep
by Ulysses
How to remove SSSD package.
#!/bin/bash service sssd stop chkconfig sssd off rm -rf /var/lib/sss/db/* rm -f /etc/sssd/sssd.conf rm -f /etc/krb5.conf rm -f /etc/krb5.keytab yum remove -y adcli sssd authconfig pam_krb5 samba4-common realmd |
#!/bin/bash service sssd stop chkconfig sssd off rm -rf /var/lib/sss/db/* rm -f /etc/sssd/sssd.conf rm -f /etc/krb5.conf rm -f /etc/krb5.keytab yum remove -y adcli sssd authconfig pam_krb5 samba4-common realmd
by Ulysses
Here’s the command to check if instance is domain joined.
realm discover domain.com |
realm discover domain.com
To check if AD user is working.
id user@ad.example.com |
id user@ad.example.com
To check if AD group is working.
getent group ad-group |
getent group ad-group
by Ulysses
Here’s how to unjoin or leave the domain via SSSD.
realm leave domain.com |
realm leave domain.com
by Ulysses
Some cache to clear.
service sssd stop rm -r /var/lib/sss/db/* rm -r /var/lib/sss/mc/* service sssd start |
service sssd stop rm -r /var/lib/sss/db/* rm -r /var/lib/sss/mc/* service sssd start
Rejoin domain. Run sssd script. Restart sssd.
by Ulysses
A must see for anyone trying to use SSSD on SLES12 systems.
A little bit lengthy, but worth every bit of your half hour.
by Ulysses
Just documenting how to restart SSSD service. SSSD is a service that allows Active Directory groups access to Linux systems.
systemctl restart sssd.service |
systemctl restart sssd.service
For other or older Linux distros, you may have to use this:
service sssd restart |
service sssd restart
You can always try the other if one doesn’t work.