LinuxQuestions.org
Old 11-21-2016, 03:32 PM   #1
shuey79
LQ Newbie
 
Registered: Oct 2016
Posts: 7

Rep: Reputation: Disabled
Any way to remove domain name at end of username when authenticating with ldap (sssd)?


The authentication mechanism (sssd) on my RedHat server adds the domain at the end of usernames which is causing a problem when trying to log into a UniData database. Currently what is getting passed is username@ad.domain.com but the db is looking for username. Is there any way to change this on the server?
 
Old 11-21-2016, 04:59 PM   #2
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 7,245
Blog Entries: 9

Rep: Reputation: Disabled
Hi:

I had to read this to understand what you have going on.
https://access.redhat.com/documentat...-user-ids.html

Why it's done this way IMO is a bad idea:
Code:
SSSD uses a combination of the user name and the domain back end name to create the login identity.
Sorry, I'm not good with server configuration basics, so you'll have to wait for a member with that experience.

Maybe read this section of SSSD and System Services to see if you can change/remove what's going on. OR try one of the topics under Using and Caching Credentials with SSSD.

https://access.redhat.com/documentat...ntication.html
 
Old 11-22-2016, 06:25 AM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,678

Rep: Reputation: 1258
I believe it is part of the Kerberos authentication process. By convention, the network domain name is also used as the Kerberos realm name. This uniquely identifies the user and prevents cross realm failures (i.e. attacks) and provides better distributed naming facilities. Even if the username is the same, it is made unique by the realm (or domain) name.

The db should accept the expanded name, though instead of specifying just the username, it may require having "username@domainname" form. I don't believe any of the characters are improper for most database systems.

What database are you using?

Last edited by jpollard; 11-22-2016 at 06:27 AM.
 
Old 11-22-2016, 08:32 AM   #4
shuey79
LQ Newbie
 
Registered: Oct 2016
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jpollard View Post
What database are you using?
I'm using Rocket Unidata.
 
Old 11-22-2016, 11:28 AM   #5
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,678

Rep: Reputation: 1258
I don't see where there should be an issue. The sssd entry is a network identity, not a Linux/Unix login.

I suspect you will have to contact the vendor to get a solution to whatever the problem is.

Last edited by jpollard; 11-22-2016 at 11:32 AM.
 
Old 11-22-2016, 11:55 AM   #6
shuey79
LQ Newbie
 
Registered: Oct 2016
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jpollard View Post
I suspect you will have to contact the vendor to get a solution to whatever the problem is.
I've put out a ticket with the vendor, just waiting to hear back.
 
Old 11-22-2016, 11:57 AM   #7
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,184

Rep: Reputation: 1584
In the manual page:

Quote:
domains
A domain is a database containing user information. SSSD can use more domains at the same time, but at least one must be configured or SSSD won't start. This parameter described the list of domains in the order you want them to be queried.

re_expression (string)
Default regular expression that describes how to parse the string containing user name and domain into these components.
 
Old 11-23-2016, 08:16 AM   #8
shuey79
LQ Newbie
 
Registered: Oct 2016
Posts: 7

Original Poster
Rep: Reputation: Disabled
Was actually pretty simple. I modified the sssd file by putting in full_name_format = %1$s

Thanks guys!
 
Old 11-23-2016, 08:29 AM   #9
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,184

Rep: Reputation: 1584
Nice. Thanks for the update.

To summarize:

re_expression - Reading/Interpreting a user name
full_name_format - Writing/Printing a user name

https://access.redhat.com/documentat...-user-ids.html
 
1 members found this post helpful.
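The read/write split summarized above, as an added example that is not part of the thread and is not SSSD's own code: a small Python model of how re_expression parses a login and how full_name_format prints it, showing why names printed with %1$s alone stop being unique once more than one domain is served. The regular expression is assumed to be the simple default pattern documented in sssd.conf(5) (it differs by provider and version), and the second domain and the accounts are constructed.

```python
import re

# Assumption: simple default re_expression as documented in sssd.conf(5);
# AD/IPA providers and newer releases ship a different default.
RE_EXPRESSION = r"(?P<name>[^@]+)@?(?P<domain>[^@]*$)"

def parse_login(login, default_domain):
    """Input side (re_expression): split a typed login into (name, domain)."""
    m = re.match(RE_EXPRESSION, login)
    if m is None:
        raise ValueError("login does not match re_expression: %r" % login)
    # A bare user name yields an empty domain group; fall back to the default.
    return m.group("name"), m.group("domain") or default_domain

def format_name(full_name_format, name, domain):
    """Output side (full_name_format): %1$s is the user name, %2$s the domain."""
    parts = (name, domain)
    return re.sub(r"%([12])\$s",
                  lambda m: parts[int(m.group(1)) - 1],
                  full_name_format)

def colliding_names(full_name_format, accounts):
    """Printed names that more than one distinct (name, domain) account maps to."""
    owners = {}
    for name, domain in accounts:
        printed = format_name(full_name_format, name, domain)
        owners.setdefault(printed, set()).add((name, domain))
    return sorted(p for p, accts in owners.items() if len(accts) > 1)

# Constructed sample accounts; lab.example.test is a hypothetical second domain.
ACCOUNTS = [
    ("username", "ad.domain.com"),
    ("username", "lab.example.test"),
    ("dbadmin", "ad.domain.com"),
]

if __name__ == "__main__":
    name, domain = parse_login("username@ad.domain.com", "ad.domain.com")
    print("default format :", format_name("%1$s@%2$s", name, domain))
    print("thread's format:", format_name("%1$s", name, domain))
    print("collisions with %1$s      :", colliding_names("%1$s", ACCOUNTS))
    print("collisions with %1$s@%2$s :", colliding_names("%1$s@%2$s", ACCOUNTS))
```

On a host that serves a single domain the short format is unambiguous; where several domains or trusts are configured, any application that authorizes on the printed name should be checked for the collision the last two lines report.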
Old 11-23-2016, 03:33 PM   #10
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 7,245
Blog Entries: 9

Rep: Reputation: Disabled
Quote:
Originally Posted by shuey79 View Post
Was actually pretty simple. I modified the sssd file by putting in full_name_format = %1$s

Thanks guys!
You're Welcome.

What string in the sssd file did you have to change?

Don't forget to mark your thread Solved:-
 
Old 11-23-2016, 08:39 PM   #11
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 7,245
Blog Entries: 9

Rep: Reputation: Disabled
jpollard and szboardstretcher thanks for jumping in and helping.-
 
Old 11-24-2016, 12:10 PM   #12
shuey79
LQ Newbie
 
Registered: Oct 2016
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Ztcoracat View Post
You're Welcome.

What string in the sssd file did you have to change?

Don't forget to mark your thread Solved:-
I just added this to the sssd.config file:
full_name_format = %1$s

Marked as solved too. Didn't even know that was an option

Thanks again guys!
 
Old 11-24-2016, 03:15 PM   #13
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 7,245
Blog Entries: 9

Rep: Reputation: Disabled
Quote:
Originally Posted by shuey79 View Post
I just added this to the sssd.config file:
full_name_format = %1$s

Marked as solved too. Didn't even know that was an option

Thanks again guys!
Thanks for the clarification-

Happy Thanksgiving!
 