Feature #12091

open

RFE: Add support for sssd authentication

Added by Orion Poplawski over 1 year ago. Updated about 2 months ago.

Status: New
Priority: Normal
Assignee: -
Category: Authentication
Target version: -
Start date: 06/28/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

I'm making use of sssd authentication on pfSense 2.5+, but I keep having to add "sss" to nsswitch.conf because it is overwritten by /etc/inc/auth.inc. I'm setting:

group: files sss
passwd: files sss

For reference, my /usr/local/etc/sssd/sssd.conf is like:

[sssd]
config_file_version = 2
services = nss
domains = ad.nwra.com

[nss]
override_homedir = /home/%u
override_shell = /bin/tcsh

[pam]

[domain/ad.nwra.com]
id_provider = ldap
sudo_provider = none
; auth_provider = ldap
ldap_schema = AD
ldap_uri = ldaps://ADSERVER

ldap_referrals = false
ldap_default_bind_dn = {{ ad_bind_user }}
ldap_default_authtok = {{ ad_bind_password }}
ldap_search_base = dc=ad,dc=nwra,dc=com
ldap_user_gecos = displayName
auto_private_groups = true

Or perhaps at least provide a way to have a custom nsswitch.conf file. Thanks.
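
A workaround for the overwritten nsswitch.conf described in the report above, as an added example that is not part of the original report or of pfSense. The function name `ensure_sss` is hypothetical, and the script has to be re-run whenever the file is regenerated.

```shell
#!/bin/sh
# Added example (not pfSense code): make sure "sss" is listed as a source for
# the passwd and group databases in an nsswitch.conf-style file.
# Idempotent: a file that already lists sss is left untouched.
ensure_sss() {
    file=$1
    tmp=$(mktemp) || return 1
    awk '
        /^(passwd|group):/ {
            present = 0
            for (i = 2; i <= NF; i++) if ($i == "sss") present = 1
            if (!present) $0 = $0 " sss"
        }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    if ! cmp -s "$file" "$tmp"; then
        # Write through the existing file so its owner and mode are kept.
        cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    fi
    rm -f "$tmp"
}

# Demo on a constructed sample; on a real system the argument would be
# /etc/nsswitch.conf (assumed standard location).
demo=$(mktemp)
printf 'group: files\nhosts: files dns\npasswd: files\n' > "$demo"
ensure_sss "$demo"
cat "$demo"
rm -f "$demo"
```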

#1

Updated by Orion Poplawski about 1 year ago

I was very disappointed to see that sssd disappeared from the pfSense repository. Is there any chance it could be added back?

#2

Updated by Gabriel Zellmer about 2 months ago

Orion Poplawski wrote in #note-1:

I was very disappointed to see that sssd disappeared from the pfSense repository. Is there any chance it could be added back?

Agreed, SSSD is not going anywhere and is widely used nowadays.
