Date: Tue, 1 Oct 2013 20:43:54 +0200
From: jhrozek(a)redhat.com
To: sssd-users(a)lists.fedorahosted.org
Subject: Re: [SSSD-users] authenticating against all sub-domains in AD forest
On Sun, Sep 29, 2013 at 02:41:11PM +0100, a t wrote:
> Hi,
>
> That user, test.user, is in the subdomain
a.domain.org.
>
> Thr logs mark
domain.org as a subdomain of
b.domain.org. however, this is not
correct -
domain.org is the root domain of which
b.domain.org is a subdomain. We do not
have users in the root domain. All users are in other subdomains.
>
> I believe the user I tested in another subdomain, mhunt.test(a)a.domain.org did not
show in the logs. When I tried to log in with mhunt.test(a)a.domain.org the logs show that
sssd believes that domain "a" is a subdomain if
b.domain.org rather than another
subdomain of
domain.org.
>
> I might have to ask if I can send un-obfuscated incase I am adding in confusion!
>
> Thanks,
>
> Matthew
Interesting, I see no fatal erorr in the domain log, then. Could you
also paste the tail of /var/log/secure after the auth and also put
debug_level directive into the [pam] section as well?
If you prefer, you can send the logs directly to me without obfuscation.
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Hi,
I'll send the logs direct, thank you. I have debug_level = 8. Is that Ok or too
chatty?
Thanks,
Matthew