Re: linux server AD accounts and local accounts

From: Mark J. Bobak <mark_at_bobak.net>
Date: Thu, 23 Jun 2022 23:14:43 -0400
Message-ID: <CAFQ5ACKJs+hK8QtOUTHf91zGy-FD-UiqRrW9rcN6VWg9JE-Czg_at_mail.gmail.com>



We just started converting our servers to AD login w/ two-factor enabled. In my case, we have existing servers w/ Oracle user and Oracle already installed. We installed sssd and the AD users started working, and the Oracle account could no longer log in. I have to log in w/ my AD account, and then sudo to Oracle to work in that account. It seems to be working well.

This is early stages. We just got our first DB server and first two web servers moved to AD. So far, so good.

-Mark

On Thu, Jun 23, 2022, 15:49 Niklas Iveslatt <niklas.iveslatt_at_arisant.com> wrote:

> Oh very cool :)
>
> Niklas Iveslatt
> Senior Partner
>
>
> Arisant LLC ~ http://www.arisant.com
> 44 Inverness Dr. E Bldg. C Suite 2 ~ Englewood, CO 80112
> mobile: 303.882.4461 ~ main: 303.330.4065 ~ fax: 888.889.0155
>
> Need to send me something securely? *Click here*
> <https://arisant.sendsafely.com/u/niklas.iveslatt>
>
>
> On Thu, Jun 23, 2022 at 1:48 PM Jeff Chirco <backseatdba_at_gmail.com> wrote:
>
>> Thank you Niklas, that seems like it worked. Thanks for the quick response.
>>
>> On Wed, Jun 22, 2022 at 1:32 PM Niklas Iveslatt <
>> niklas.iveslatt_at_arisant.com> wrote:
>>
>>> If you are using sssd you can add this to filter out users and groups
>>> and use local accounts where applicable.
>>>
>>> [nss]
>>> filter_groups = root,oracle,psoft,opc
>>> filter_users = root,oracle,psoft,opc
>>>
>>>
>>> Niklas Iveslatt
>>>
>>> On Wed, Jun 22, 2022 at 2:29 PM Jeff Chirco <backseatdba_at_gmail.com>
>>> wrote:
>>>
>>>> We are setting up a new server and have enabled AD accounts to be synced
>>>> with the Linux server for single sign-on. However we have an AD "oracle"
>>>> that has been synced but I don't want that, instead I want to create a
>>>> local "oracle" user to install oracle. Anyone know how to get around this?
>>>>
>>>> Thanks,
>>>> Jeff
>>>>
>>>

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Jun 24 2022 - 05:14:43 CEST
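
Added example, not part of the original thread: a shell check that reads the `[nss]` `filter_users` setting quoted above and reports whether each account that should stay local has a local passwd entry and is filtered from sssd. The function names, the sample files, the `example.test` domain and the `grid` account are constructed for illustration; only the two `[nss]` filter lines come from the thread.

```shell
#!/bin/sh
# Added example: check that accounts meant to stay local are in sssd's filter_users.

# Print the filter_users value from the [nss] section, whitespace removed.
nss_filter_users() {
    awk -F= '
        /^[ \t]*\[/ { in_nss = ($0 ~ /^[ \t]*\[nss\][ \t]*$/) }
        in_nss && $1 ~ /^[ \t]*filter_users[ \t]*$/ { gsub(/[ \t]/, "", $2); print $2 }
    ' "$1"
}

# Usage: check_local_accounts SSSD_CONF PASSWD_FILE NAME...
check_local_accounts() {
    cla_conf=$1; cla_passwd=$2; shift 2
    # Wrap the list in commas so each name can be matched as a whole field.
    cla_filtered=",$(nss_filter_users "$cla_conf"),"
    for cla_name in "$@"; do
        if ! grep -q "^${cla_name}:" "$cla_passwd"; then
            echo "$cla_name: no local passwd entry"
        else
            case $cla_filtered in
                *",${cla_name},"*) echo "$cla_name: local and filtered from sssd" ;;
                *) echo "$cla_name: local, but not in filter_users" ;;
            esac
        fi
    done
}

# Constructed sample files; only the two [nss] filter lines are from the thread.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/sssd.conf" <<'EOF'
[sssd]
services = nss, pam
domains = example.test
[nss]
filter_groups = root,oracle,psoft,opc
filter_users = root,oracle,psoft,opc
[domain/example.test]
id_provider = ad
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
oracle:x:54321:54321::/home/oracle:/bin/bash
grid:x:54322:54321::/home/grid:/bin/bash
EOF

check_local_accounts "$SAMPLE_DIR/sssd.conf" "$SAMPLE_DIR/passwd" oracle grid psoft
```

On a live host, run it as root against `/etc/sssd/sssd.conf` and `/etc/passwd`. Once the filter is in place and sssd has been restarted, `getent -s sss passwd oracle` should return nothing while `getent -s files passwd oracle` shows the local entry.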
