Am Wed, Nov 23, 2022 at 03:55:25PM +0100 schrieb Francis Augusto Medeiros-Logeay:
...
>>
>> Here it is:
>>
>> userPrincipalName: francis
>
> Hi,
>
> ok, this explains the failure. It is expected that the attribute value
> is 'name(a)domain.name', see e.g.
>
https://learn.microsoft.com/en-us/windows/win32/adschema/a-userprincipalname
> and
>
https://learn.microsoft.com/en-us/windows/win32/ad/naming-properties#user...
>
> I guess the name was added manually, because if you use the AD tools a
> suitable domain name should be added automatically. Is there a reason
> the name was added in this format?
>
> If possible I would suggest to either remove the attribute completely or
> replace the value with a one in the 'name(a)domain.name' format where
> 'domain.name' is wither the name of the AD domain the user is coming
> from or a suitable alternative domain suffix if those are defined in
> your AD environment.
>
> bye,
> Sumit
Hi Sumit,
We are fixing that. But we changed the userPrincipalName to francis(a)domain.no
<mailto:francis@domain.no>, and still have errors no matter with or without
ldap_user_principal, the latter testet with nosuchattribute and with userPrincipalName. It
only works with krb5_validate = false.
We get `No mapping for: francis(a)domain.no <mailto:ec-franciaa@ad.fp.educloud.no>`
on the logs.
Hi,
this messages is expected, it means that are are no explicit mappings
for the user name to a Kerberos principal with the krb5_map_user option
in sssd.conf.
Please, if possible, send the full log together with krb5_child.log and
sssd_pac.log if those files have some content.
bye,
Sumit
Best,
Francis
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue