[SSSD-users] Re: sssd.conf sections only work if they reflect existing AD domain, why?

Monday, 3 September 2018

SSSD logs would show this better, but I wonder if this is related to also using the AD
domain name in the simple access filter. Do logins work if you use the name of the sssd
section there instead of the AD domain name? Or, do the logins work if you comment out the
access provider for a test?

...
 On 3 Sep 2018, at 10:32, D R <dr01(a)fedoraproject.org&gt; wrote:

 An user belonging to the Simple Users group is resolved correctly via either one of these
commands:

 id simpleuser(a)FOOBAR_NOLOGIN.GLOBAL
 id simpleuser(a)FOOBAR.GLOBAL

 Similarly, an user belonging to the Administrators group can be seen via either one of
these commands:

 id adminuser(a)FOOBAR_ADMINS.GLOBAL
 id adminuser(a)FOOBAR.GLOBAL

 However, no user is able to log in.  I've tried all these commands:

 ssh simpleuser@FOOBAR_NOLOGIN.GLOBAL(a)&lt;server&gt;
 ssh simpleuser@FOOBAR.GLOBAL(a)&lt;server&gt;
 ssh adminuser@FOOBAR_ADMINS.GLOBAL(a)&lt;server&gt;
 ssh adminuser@FOOBAR.GLOBAL(a)&lt;server&gt;

 Here's the ssh -vvv output after that <server> requests the password: 

 debug3: send packet: type 50
 debug2: we sent a password packet, wait for reply
 Authentication failed.
 _______________________________________________
 sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
 To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
 Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
 List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
 List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste... 

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

[SSSD-users] Re: sssd.conf sections only work if they reflect existing AD domain, why?