I think all I need now is the PAM config, every single guide I see that does this integrates Active Directory into it instead of FreeIPA, so I have no clue at the moment if my PAM config is wrong or maybe my SSSD config.
' [domain/internal.my.domain] id_provider = ipa ipa_server = _srv_, freeipa.internal.my.domain ipa_domain = internal.my.domain ipa_hostname = terminal.internal.my.domain auth_provider = ipa chpass_provider = ipa access_provider = ipa cache_credentials = True ldap_tls_cacert = /etc/ipa/ca.crt dyndns_update = True dyndns_iface = enp2s0 krb5_store_password_if_offline = True debug_level=10 [sssd] services = nss, pam, ssh, sudo certificate_verification = no_ocsp domains = internal.my.domain debug_level=10 [nss] homedir_substring = /home debug_level=10 [pam] pam_cert_auth = True pam_cert_db_path = /etc/ipa/ca.crt pam_p11_allowed_services = +xscreensaver, +lightdm, +lightdm-greeter, +lightdm-autologin, +kde, +kscreensaver, +sddm, +sddm-greeter, +sddm-autologin debug_level=10 [sudo] [autofs] [ssh] [pac] debug_level=10 [ifp] [secrets] [session_recording] ' _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
