SSSD on Hosted Engine

Hi

I am trying to configure sssd on my hosted engine. Essentially we control host access in LDAP so I want sssd to read that, thus allowing my coworkers to log in to the hosted engine VM.

For some reason sssd reports backend offline even though it's resolvable, pingable, with ports open. I see that it's a SELinux issue which I can resolve. After changing to permissive SSSD works.

To have the system read the sssd database I set the hosts line in /etc/nsswitch.conf to:

    hosts files sss

Though it seems that I did something bad to /etc/nsswitch.conf as now yum, ping, etc. do not work.

Could someone suggest how to restore this file or could anyone share theirs?

Thanks,

Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Weill Cornell Medicine
1300 York - LC-502
E: doug@med.cornell.edu
O: 212-746-6305
F: 212-746-8690
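
A pre-flight check for the edit described in this message, as an added example that is not part of the thread: it lints nsswitch.conf text for a host that should resolve names through DNS and look up login accounts through SSSD. The function names and both sample files are constructed for illustration; the check assumes account lookups go through the passwd and group databases.

```python
import re

def parse_nsswitch(text):
    """Return ({database: [sources]}, [databases written without ':'])."""
    entries, no_colon = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]                  # drop comments
        line = re.sub(r"\[[^\]]*\]", " ", line)      # drop [NOTFOUND=return] actions
        m = re.match(r"\s*(\w+)\s*(:?)\s*(.*)$", line)
        if not m:
            continue                                 # blank line
        db, colon, rest = m.groups()
        entries[db] = rest.split()
        if not colon:
            no_colon.append(db)
    return entries, no_colon

def lint_for_sssd_login(text):
    """Findings for a host that needs DNS name resolution and SSSD accounts."""
    entries, no_colon = parse_nsswitch(text)
    findings = [f"{db}: missing ':' after the database name" for db in no_colon]
    if not {"dns", "resolve"} & set(entries.get("hosts", [])):
        findings.append("hosts: neither 'dns' nor 'resolve' listed, DNS is never consulted")
    for db in ("passwd", "group"):
        if "sss" not in entries.get(db, []):
            findings.append(f"{db}: 'sss' not listed, SSSD accounts are not looked up")
    return findings

# Constructed sample: only the hosts line is taken from the thread.
BROKEN = """\
passwd: files
group:  files
hosts files sss
"""

# Constructed sample of the conventional layout for SSSD logins.
FIXED = """\
passwd: files sss
group:  files sss
shadow: files sss
hosts:  files dns
"""

if __name__ == "__main__":
    for name, text in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, lint_for_sssd_login(text) or "ok")
```

Running the lint on a candidate file before copying it over /etc/nsswitch.conf catches the loss of the DNS source while the host can still reach its package mirrors.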

Yay, I was able to restore nsswitch so things now work.

Any way that oVirt can use SSSD for web auth?

Per https://ovirt.org/develop/release-management/features/infra/aaa_faq/ there's a bug https://bugzilla.redhat.com/show_bug.cgi?id=829292 that prevents it from working?

Thanks,
Douglas Duckworth, MSc, LFCS

On Wed, Aug 22, 2018 at 8:51 AM, Douglas Duckworth <dod2014@med.cornell.edu> wrote:
> Hi
>
> I am trying to configure sssd on my hosted engine. Essentially we control host access in LDAP so I want sssd to read that, thus allowing my coworkers to log in to the hosted engine VM.
>
> For some reason sssd reports backend offline even though it's resolvable, pingable, with ports open. I see that it's a SELinux issue which I can resolve. After changing to permissive SSSD works.
>
> To have the system read the sssd database I set the hosts line in /etc/nsswitch.conf to:
>
>     hosts files sss
>
> Though it seems that I did something bad to /etc/nsswitch.conf as now yum, ping, etc. do not work.
>
> Could someone suggest how to restore this file or could anyone share theirs?
>
> Thanks,
> Douglas Duckworth, MSc, LFCS

FYI,

This allowed SSSD to work on hosted engine at least for system auth:

    semanage fcontext -a -t net_conf_t '/etc/hosts'
    /sbin/restorecon -v /etc/hosts

sealert -a /var/log/audit/audit.log shows a ton of daemons were unable to read /etc/hosts...

Thanks,
Douglas Duckworth, MSc, LFCS

On Wed, Aug 22, 2018 at 8:59 AM, Douglas Duckworth <dod2014@med.cornell.edu> wrote:
> Yay, I was able to restore nsswitch so things now work.
>
> Any way that oVirt can use SSSD for web auth?
>
> Per https://ovirt.org/develop/release-management/features/infra/aaa_faq/ there's a bug https://bugzilla.redhat.com/show_bug.cgi?id=829292 that prevents it from working?
>
> Thanks,
> Douglas Duckworth, MSc, LFCS
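
The diagnosis in this message, as an added example that is not part of the thread: group AVC denials on one file by the file's SELinux type, because many unrelated processes denied on the same file with an unexpected type points at the file's label rather than at any one daemon. The log lines, process names and the `user_tmp_t` label are constructed (the thread does not say which label /etc/hosts carried); `net_conf_t` is the type set by the semanage command above.

```python
import re
from collections import defaultdict

EXPECTED_TYPE = "net_conf_t"  # type the thread's semanage command sets on /etc/hosts

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{[^}]*\}.*?comm="(?P<comm>[^"]+)".*?name="(?P<name>[^"]+)"'
    r'.*?tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')

# Constructed audit.log lines; user_tmp_t is an assumed wrong label.
SAMPLE = "\n".join(
    'type=AVC msg=audit(1534942200.%d:%d): avc:  denied  { %s } for  pid=%d '
    'comm="%s" name="%s" dev="dm-0" ino=%d scontext=system_u:system_r:%s:s0 '
    'tcontext=%s tclass=file permissive=0' % row
    for row in [
        (101, 451, "read", 1201, "sssd_be", "hosts", 8812, "sssd_t",
         "unconfined_u:object_r:user_tmp_t:s0"),
        (117, 452, "open", 1201, "sssd_be", "hosts", 8812, "sssd_t",
         "unconfined_u:object_r:user_tmp_t:s0"),
        (230, 460, "read", 1377, "sshd", "hosts", 8812, "sshd_t",
         "unconfined_u:object_r:user_tmp_t:s0"),
        (412, 471, "read", 1502, "httpd", "hosts", 8812, "httpd_t",
         "unconfined_u:object_r:user_tmp_t:s0"),
        (498, 475, "read", 1502, "httpd", "shadow", 9120, "httpd_t",
         "system_u:object_r:shadow_t:s0"),
    ])

def denials_on(log_text, filename):
    """Map target SELinux type -> sorted process names denied on `filename`.
    AVC records carry only the basename in name=, not the full path."""
    by_type = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m["name"] != filename or m["tclass"] != "file":
            continue
        by_type[m["tcon"].split(":")[2]].add(m["comm"])  # user:role:type:level
    return {t: sorted(c) for t, c in by_type.items()}

def looks_mislabelled(by_type, expected=EXPECTED_TYPE, min_procs=2):
    """Types other than `expected` on which at least `min_procs` processes were denied."""
    return sorted(t for t, comms in by_type.items()
                  if t != expected and len(comms) >= min_procs)

if __name__ == "__main__":
    hosts = denials_on(SAMPLE, "hosts")
    print(hosts, "->", looks_mislabelled(hosts) or "label looks fine")
```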

2018-08-22 14:59 GMT+02:00 Douglas Duckworth <dod2014@med.cornell.edu>:
> Yay, I was able to restore nsswitch so things now work.
>
> Any way that oVirt can use SSSD for web auth?
>
> Per https://ovirt.org/develop/release-management/features/infra/aaa_faq/ there's a bug https://bugzilla.redhat.com/show_bug.cgi?id=829292 that prevents it from working?

I would suggest commenting on that bug with your use case; it will help in understanding the needs.

--
SANDRO BONAZZOLA
MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
Red Hat EMEA <https://www.redhat.com/>
sbonazzo@redhat.com