Feature #12091
open
RFE: Add support for sssd authentication
0%
Description
I'm making use of sssd authentication on pfSense 2.5+, but I keep having to add "sss" to nsswitch.conf because it is overwritten by /etc/inc/auth.inc. I'm setting:
group: files sss
passwd: files sss
For reference, my /usr/local/etc/sssd/sssd.conf is like:
[sssd]
config_file_version = 2
services = nss
domains = ad.nwra.com
[nss]
override_homedir = /home/%u
override_shell = /bin/tcsh
[pam]
[domain/ad.nwra.com]
id_provider = ldap
sudo_provider = none
; auth_provider = ldap
ldap_schema = AD
ldap_uri = ldaps://ADSERVER
ldap_referrals = false
ldap_default_bind_dn = {{ ad_bind_user }}
ldap_default_authtok = {{ ad_bind_password }}
ldap_search_base = dc=ad,dc=nwra,dc=com
ldap_user_gecos = displayName
auto_private_groups = true
Or perhaps at least provide a way to have a custom nsswitch.conf file. Thanks.
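A workaround sketch for the overwrite described above, as an added example that is not part of the original report and is not pfSense code: an idempotent check that re-adds "sss" to the passwd and group lines of an nsswitch.conf-style file. The helper name ensure_sss and the sample file are assumptions; the path to the real file is passed in as an argument, and the check has to be re-run whenever the file is regenerated.

```shell
#!/bin/sh
# Added example (not pfSense code): idempotently make sure the passwd and
# group databases in an nsswitch.conf-style file list the "sss" source.
# ensure_sss is a hypothetical helper; it only amends lines that exist.
ensure_sss() {
    file=$1
    [ -r "$file" ] || { echo "ensure_sss: cannot read $file" >&2; return 1; }
    tmp=$(mktemp "${TMPDIR:-/tmp}/nsswitch.XXXXXX") || return 1
    awk '
        /^[ \t]*(passwd|group)[ \t]*:/ {
            body = $0; comment = ""
            i = index(body, "#")            # keep any trailing comment
            if (i > 0) { comment = substr(body, i); body = substr(body, 1, i - 1) }
            n = split(body, tok, /[ \t:]+/)
            # An exact "sss" token means the line is already correct.
            for (k = 1; k <= n; k++) if (tok[k] == "sss") { print; next }
            sub(/[ \t]+$/, "", body)
            print body " sss" (comment == "" ? "" : " " comment)
            next
        }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"                        # nothing to do: leave file untouched
    else
        # Overwrite in place so the original owner and mode are kept.
        cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
        rm -f "$tmp"
        echo "ensure_sss: added sss to $file" >&2
    fi
}

# Constructed sample resembling a regenerated file that lost its sss entries.
demo=$(mktemp "${TMPDIR:-/tmp}/nsswitch.XXXXXX")
printf '%s\n' 'group: files' 'hosts: files dns' 'passwd: files  # local' > "$demo"
ensure_sss "$demo" && cat "$demo"
```
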
Updated by Orion Poplawski almost 4 years ago
I was very disappointed to see that sssd disappeared from the pfSense repository. Is there any chance it could be added back?
Updated by Gabriel Zellmer almost 3 years ago
Orion Poplawski wrote in #note-1:
I was very disappointed to see that sssd disappeared from the pfSense repository. Is there any chance it could be added back?
Agreed, SSSD is not going anywhere and is widely used nowadays.
Updated by Orion Poplawski over 2 years ago
Just updated to pfSense Plus 23.01 and now with sssd-1.16.5_8 it fails to start with:
ld-elf.so.1: /usr/local/sbin/sssd: Undefined symbol "__libc_start1@FBSD_1.7"
freebsd-version -u reports 14.0-CURRENT - is that not really the case?