Feature #12091

open

RFE: Add support for sssd authentication

Added by Orion Poplawski over 3 years ago. Updated almost 2 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Authentication
Target version: -
Start date: 06/28/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

I'm making use of sssd authentication on pfSense 2.5+, but I keep having to add "sss" to nsswitch.conf because it is overwritten by /etc/inc/auth.inc. I'm setting:

group: files sss
passwd: files sss

For reference, my /usr/local/etc/sssd/sssd.conf is like:

[sssd]
config_file_version = 2
services = nss
domains = ad.nwra.com

[nss]
override_homedir = /home/%u
override_shell = /bin/tcsh

[pam]

[domain/ad.nwra.com]
id_provider = ldap
sudo_provider = none
; auth_provider = ldap
ldap_schema = AD
ldap_uri = ldaps://ADSERVER

ldap_referrals = false
ldap_default_bind_dn = {{ ad_bind_user }}
ldap_default_authtok = {{ ad_bind_password }}
ldap_search_base = dc=ad,dc=nwra,dc=com
ldap_user_gecos = displayName
auto_private_groups = true

Or perhaps at least provide a way to have a custom nsswitch.conf file. Thanks.
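
An added example, not part of the original report and not pfSense code: a POSIX sh function that re-adds "sss" to the passwd and group lines of an nsswitch.conf-style file after it has been regenerated, and does nothing when the entry is already there. The function name `ensure_sss` is hypothetical, the file to fix is passed as an argument, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not pfSense code: make sure "sss" is a source for the passwd
# and group databases in an nsswitch.conf-style file, without duplicating it.

# ensure_sss FILE: prints "changed" or "unchanged"; returns non-zero on error.
# (ensure_sss is a hypothetical helper name.)
ensure_sss() {
    file=$1
    rc=0
    tmp=$(mktemp) || return 1
    awk '
        # Only the passwd: and group: databases (not passwd_compat: etc.).
        /^[ \t]*(passwd|group):/ {
            body = $0; tail = ""
            # Keep a trailing "# comment" after the source list, not inside it.
            if ((p = index(body, "#")) > 0) {
                tail = " " substr(body, p); body = substr(body, 1, p - 1)
            }
            sub(/[ \t]+$/, "", body)
            if ((" " body " ") !~ /[ \t]sss[ \t]/) {
                print body " sss" tail; changed = 1; next
            }
        }
        { print }
        END { exit (changed ? 10 : 0) }
    ' "$file" > "$tmp" || rc=$?
    case $rc in
        0)  echo unchanged ;;
        10) # Overwrite in place so the file keeps its owner and mode.
            cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
            echo changed ;;
        *)  rm -f "$tmp"; return 1 ;;
    esac
    rm -f "$tmp"
}

# Constructed sample resembling the regenerated file described in the report.
sample=$(mktemp)
printf 'group: files\npasswd: files\nhosts: files dns\n' > "$sample"
ensure_sss "$sample"    # first run appends sss to both lines
ensure_sss "$sample"    # second run is a no-op
cat "$sample"
rm -f "$sample"
```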

Actions #1

Updated by Orion Poplawski about 3 years ago

I was very disappointed to see that sssd disappeared from the pfSense repository. Is there any chance it could be added back?

Actions #2

Updated by Gabriel Zellmer about 2 years ago

Orion Poplawski wrote in #note-1:

I was very disappointed to see that sssd disappeared from the pfSense repository. Is there any chance it could be added back?

Agreed, SSSD is not going anywhere and is widely used nowadays.

Actions #3

Updated by Orion Poplawski almost 2 years ago

Just updated to pfSense Plus 23.01 and now with sssd-1.16.5_8 it fails to start with:

ld-elf.so.1: /usr/local/sbin/sssd: Undefined symbol "__libc_start1@FBSD_1.7"

freebsd-version -u reports 14.0-CURRENT - is that not really the case?
