Feature #12091
open
RFE: Add support for sssd authentication
Description
I'm making use of sssd authentication on pfSense 2.5+, but I keep having to add "sss" to nsswitch.conf because it is overwritten by /etc/inc/auth.inc. I'm setting:
group: files sss
passwd: files sss
For reference, my /usr/local/etc/sssd/sssd.conf is like:
[sssd]
config_file_version = 2
services = nss
domains = ad.nwra.com

[nss]
override_homedir = /home/%u
override_shell = /bin/tcsh

[pam]

[domain/ad.nwra.com]
id_provider = ldap
sudo_provider = none
; auth_provider = ldap
ldap_schema = AD
ldap_uri = ldaps://ADSERVER
ldap_referrals = false
ldap_default_bind_dn = {{ ad_bind_user }}
ldap_default_authtok = {{ ad_bind_password }}
ldap_search_base = dc=ad,dc=nwra,dc=com
ldap_user_gecos = displayName
auto_private_groups = true
Or perhaps at least provide a way to have a custom nsswitch.conf file. Thanks.
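The manual step described in the report above (re-adding "sss" to the passwd and group lines after nsswitch.conf is rewritten) can be done idempotently. This is an added example, not part of the original report and not pfSense code; the function name ensure_sss and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not pfSense code. ensure_sss is a hypothetical helper name.
# Idempotently list "sss" for the passwd and group databases in FILE.
# Assumption: appending "sss" as the last source is what is wanted.
ensure_sss() {
    file=$1
    [ -f "$file" ] || return 1
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    awk '
        # Only the passwd: and group: entries (not passwd_compat: etc.).
        /^[ \t]*(passwd|group):/ {
            seen[$1] = 1
            body = $0; comment = ""
            # Keep a trailing "# ..." comment out of the source list.
            if ((p = index($0, "#")) > 0) {
                body = substr($0, 1, p - 1)
                comment = " " substr($0, p)
            }
            n = split(body, src, /[ \t]+/)
            has = 0
            for (i = 1; i <= n; i++) if (src[i] == "sss") has = 1
            if (!has) {
                sub(/[ \t]+$/, "", body)
                $0 = body " sss" comment
            }
        }
        { print }
        END {
            # Add the entry outright if the file never defined it.
            if (!("passwd:" in seen)) print "passwd: files sss"
            if (!("group:" in seen))  print "group: files sss"
        }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"                      # already correct, leave untouched
    else
        cat "$tmp" > "$file"; rc=$?       # overwrite in place, keeps owner/mode
        rm -f "$tmp"; return "$rc"
    fi
}

# Constructed sample input, not a real pfSense nsswitch.conf.
demo=$(mktemp "${TMPDIR:-/tmp}/nsswitch.XXXXXX") || exit 1
printf 'group: files\nhosts: files dns\npasswd: files # local\n' > "$demo"
ensure_sss "$demo" && cat "$demo"
rm -f "$demo"
```

Because a second run leaves a correct file byte-for-byte unchanged, the function is safe to call repeatedly.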
Updated by Orion Poplawski about 3 years ago
I was very disappointed to see that sssd disappeared from the pfSense repository. Is there any chance it could be added back?
Updated by Gabriel Zellmer about 2 years ago
Orion Poplawski wrote in #note-1:
I was very disappointed to see that sssd disappeared from the pfSense repository. Is there any chance it could be added back?
Agreed, SSSD is not going anywhere and is widely used nowadays.
Updated by Orion Poplawski almost 2 years ago
Just updated to pfSense Plus 23.01 and now with sssd-1.16.5_8 it fails to start with:
ld-elf.so.1: /usr/local/sbin/sssd: Undefined symbol "__libc_start1@FBSD_1.7"
freebsd-version -u reports 14.0-CURRENT - is that not really the case?