Date: Tue, 1 Oct 2013 20:43:54 +0200
Subject: Re: [SSSD-users] authenticating against all sub-domains in AD forest
On Sun, Sep 29, 2013 at 02:41:11PM +0100, a t wrote:
> That user, test.user, is in the subdomain a.domain.org
> Thr logs mark domain.org
as a subdomain of b.domain.org
. however, this is not
correct - domain.org
is the root domain of which b.domain.org
is a subdomain. We do not
have users in the root domain. All users are in other subdomains.
> I believe the user I tested in another subdomain, mhunt.test(a)a.domain.org did not
show in the logs. When I tried to log in with mhunt.test(a)a.domain.org the logs show that
sssd believes that domain "a" is a subdomain if b.domain.org
rather than another
subdomain of domain.org
> I might have to ask if I can send un-obfuscated incase I am adding in confusion!
Interesting, I see no fatal erorr in the domain log, then. Could you
also paste the tail of /var/log/secure after the auth and also put
debug_level directive into the [pam] section as well?
If you prefer, you can send the logs directly to me without obfuscation.
sssd-users mailing list
I'll send the logs direct, thank you. I have debug_level = 8. Is that Ok or too