FYI,

This allowed SSSD to work on hosted engine at least for system auth

semanage fcontext -a -t net_conf_t '/etc/hosts'

/sbin/restorecon -v /etc/hosts

sealert -a /var/log/audit/audit.log shows a ton of daemons were unable to read /etc/hosts...

Thanks,

Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Weill Cornell Medicine
1300 York - LC-502
E: doug@med.cornell.edu
O: 212-746-6305
F: 212-746-8690


On Wed, Aug 22, 2018 at 8:59 AM, Douglas Duckworth <dod2014@med.cornell.edu> wrote:
Yay, I was able to restore nsswitch so things now work.

Any way that oVirt can use SSSD for web auth?

Per https://ovirt.org/develop/release-management/features/infra/aaa_faq/ there's a bug https://bugzilla.redhat.com/show_bug.cgi?id=829292 that prevents it from working?



Thanks,

Douglas Duckworth, MSc, LFCS


On Wed, Aug 22, 2018 at 8:51 AM, Douglas Duckworth <dod2014@med.cornell.edu> wrote:
Hi

I am trying to configure sssd on my hosted engine.  Essentially we control host access in LDAP, so I want sssd to read that and thus allow my coworkers to log in to the hosted engine VM.

For some reason sssd reports backend offline even though it's resolvable, pingable, with ports open.  I see that it's a SELinux issue which I can resolve.  After changing to permissive SSSD works.

To have system read sssd database I set hosts line in /etc/nsswitch.conf to:

hosts files sss

Though it seems that I did something bad to /etc/nsswitch.conf, as now yum, ping, etc. do not work.

Could someone suggest how to restore this file or could anyone share theirs?

Thanks,

Douglas Duckworth, MSc, LFCS
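
An added example, not part of the original thread: a shell check of the hosts entry in an nsswitch.conf-style file, which flags the form quoted in the message above (no colon after the database name). The helper name check_nsswitch_hosts and the sample file are constructed, and requiring "dns" assumes a host that resolves names through DNS.

```shell
#!/bin/sh
# Added example: validate the "hosts" entry of an nsswitch.conf-style file.
# check_nsswitch_hosts is a hypothetical helper name, not part of SSSD or oVirt.
# Return codes: 0 = usable,
#               1 = no well-formed "hosts:" entry,
#               2 = entry present but "files" or "dns" is missing
#                   (requiring dns is an assumption for DNS-resolving hosts).
check_nsswitch_hosts() {
    conf=${1:-/etc/nsswitch.conf}
    # Strip comments, normalise "hosts :" / "hosts:x" to "hosts: x", then take
    # the first entry; $1=$1 collapses tabs and runs of spaces to single spaces.
    entry=$(sed -e 's/#.*//' \
                -e 's/^[[:space:]]*hosts[[:space:]]*:/hosts: /' "$conf" |
            awk '$1 == "hosts:" { $1 = $1; print; exit }')
    if [ -z "$entry" ]; then
        # A line such as "hosts files sss" has no colon, so it is not an entry.
        if sed 's/#.*//' "$conf" | grep -Eq '^[[:space:]]*hosts[[:space:]]'; then
            echo "$conf: hosts line lacks ':' after the database name" >&2
        else
            echo "$conf: no hosts entry found" >&2
        fi
        return 1
    fi
    rc=0
    for src in files dns; do
        case " $entry " in
            *" $src "*) ;;
            *) echo "$conf: hosts entry has no '$src' source: $entry" >&2
               rc=2 ;;
        esac
    done
    return $rc
}

# Constructed sample reproducing the hosts line quoted in the message above.
sample=$(mktemp)
printf 'passwd: files sss\nhosts files sss\n' > "$sample"
check_nsswitch_hosts "$sample" || echo "check returned status $?"
rm -f "$sample"
```

Run it against a copy of the file before putting an edited nsswitch.conf in place; status 2 is a warning rather than a syntax error.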