
FYI,

This allowed SSSD to work on hosted engine at least for system auth:

semanage fcontext -a -t net_conf_t '/etc/hosts'
/sbin/restorecon -v /etc/hosts

sealert -a /var/log/audit/audit.log shows a ton of daemons were unable to read /etc/hosts...

Thanks,

Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Weill Cornell Medicine
1300 York - LC-502
E: doug@med.cornell.edu
O: 212-746-6305
F: 212-746-8690

On Wed, Aug 22, 2018 at 8:59 AM, Douglas Duckworth <dod2014@med.cornell.edu> wrote:
Yay, I was able to restore nsswitch so things now work.
Any way that oVirt can use SSSD for web auth?
Per https://ovirt.org/develop/release-management/features/infra/aaa_faq/ there's a bug https://bugzilla.redhat.com/show_bug.cgi?id=829292 that prevents it from working?
Thanks,
On Wed, Aug 22, 2018 at 8:51 AM, Douglas Duckworth <dod2014@med.cornell.edu> wrote:
Hi
I am trying to configure sssd on my hosted engine. Essentially we control host access in LDAP, so I want sssd to read that and thus allow my coworkers to log in to the hosted engine VM.
For some reason sssd reports backend offline even though it's resolvable, pingable, with ports open. I see that it's a SELinux issue which I can resolve. After changing to permissive SSSD works.
To have the system read the sssd database I set the hosts line in /etc/nsswitch.conf to:
hosts files sss
Though it seems that I did something bad to /etc/nsswitch.conf, as now yum, ping, etc. do not work.
Could someone suggest how to restore this file or could anyone share theirs?
Thanks,
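
Added example, not part of the original thread: a shell lint for a candidate nsswitch.conf that flags a database line with no colon (as in the quoted "hosts files sss") and a hosts entry without files or dns. The function name check_nsswitch and the sample files are constructed here, and requiring dns assumes the host resolves names through DNS.

```shell
#!/bin/sh
# Added example (not from the thread): lint an nsswitch.conf candidate.
# check_nsswitch FILE prints findings; returns 0 if clean, 1 otherwise.
check_nsswitch() {
    awk '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, split "db:src"
        NF == 0 { next }                      # blank or comment-only line
        $1 !~ /^[a-z_]+:$/ {
            printf "line %d: no colon after database name: %s\n", NR, $0
            bad = 1; next
        }
        $1 == "hosts:" {
            seen = 1; files = 0; dns = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "files") files = 1
                if ($i == "dns") dns = 1
            }
            # Assumption: the host resolves names through /etc/hosts and DNS.
            if (!files) { printf "line %d: hosts lacks files\n", NR; bad = 1 }
            if (!dns)   { printf "line %d: hosts lacks dns\n", NR; bad = 1 }
        }
        END {
            if (!seen) { print "no usable hosts: entry"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed samples: the line quoted in the thread, and a conventional one.
demo_dir=$(mktemp -d)
printf 'passwd: files sss\nhosts files sss\n' > "$demo_dir/thread.conf"
printf 'passwd: files sss\nhosts: files dns myhostname\n' > "$demo_dir/usual.conf"

for f in thread usual; do
    if check_nsswitch "$demo_dir/$f.conf"; then
        echo "$f.conf: ok"
    else
        echo "$f.conf: rejected"
    fi
done
rm -rf "$demo_dir"
```

Running the lint on an edited copy before moving it over /etc/nsswitch.conf catches the mistake while yum and ping still work.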