Hi After a lot of trial and error, I came up with this:
[sssd] #debug_level = 6 services = nss, pam, autofs config_file_version = 2 domains = default [nss] [pam] [autofs]
[domain/default] #debug_level = 6 dyndns_update=true ad_hostname = catral.hh3.site ad_server = hh16.hh3.site ad_domain = hh3.site
ldap_schema = ad id_provider = ad access_provider = ad enumerate = true cache_credentials = true auth_provider = ad chpass_provider = ad krb5_realm = hh3.site krb5_server = hh16.hh3.site krb5_kpasswd = hh16.hh3.site
ldap_id_mapping=false ldap_referrals = false ldap_uri = ldap://hh16.hh3.site ldap_search_base = dc=hh3,dc=site ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_uid_number = uidNumber ldap_user_gid_number = gidNumber ldap_user_home_directory = unixHomeDirectory ldap_user_shell = loginShell ldap_group_object_class = group ldap_group_search_base = dc=hh3,dc=site ldap_group_name = cn ldap_group_member = member
ldap_sasl_mech = gssapi ldap_sasl_authid = CATRAL$@HH3.SITE krb5_keytab = /etc/krb5.keytab ldap_krb5_init_creds = true
autofs_provider=ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site ldap_autofs_map_object_class = automountMap ldap_autofs_entry_object_class = automount ldap_autofs_map_name = automountMapName ldap_autofs_entry_key = automountKey ldap_autofs_entry_value = automountInformation
getent passwd and domain logins now work but please note only by filling the cache with: enumerate = true
With: enumerate = false getent passwd <username> returns nothing
There messages still remain:
(Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed request(Tue Oct 1 08:41:33 2013) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider Error: 3, 11, Internal Error (Se ha agotado el número máximo de reintentos para el servicio) Will try to return what we have in cache (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-500] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1106] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1107] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1108] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1141] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1109] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-513] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1111] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_process_group_send] (0x0040): No Members. Done! (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_process_group_send] (0x0040): No Members. Done! (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-513] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_add_domain] (0x0020): Failed to calculate range for domain [S-1-5-21-451355595-2219208293-2714859210]: [10] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_find_new_domain] (0x0080): Could not add new domain [S-1-5-21-451355595-2219208293-2714859210] (Tue Oct 1 08:41:33 2013) [sssd[be[default]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not add new domain for sid [S-1-5-21-451355595-2219208293-2714859210-1111]