> From: jhrozek@redhat.com
> To: sssd-users@lists.fedorahosted.org
> Subject: Re: [SSSD-users] authenticating against all sub-domains in AD forest
>
> On Sun, Sep 29, 2013 at 02:41:11PM +0100, a t wrote:
> > Hi,
> >
> > That user, test.user, is in the subdomain a.domain.org.
> >
> > Thr logs mark domain.org as a subdomain of b.domain.org. however, this is not correct - domain.org is the root domain of which b.domain.org is a subdomain. We do not have users in the root domain. All users are in other subdomains.
> >
> > I believe the user I tested in another subdomain, mhunt.test@a.domain.org did not show in the logs. When I tried to log in with mhunt.test@a.domain.org the logs show that sssd believes that domain "a" is a subdomain if b.domain.org rather than another subdomain of domain.org.
> >
> > I might have to ask if I can send un-obfuscated incase I am adding in confusion!
> >
> > Thanks,
> >
> > Matthew
>
> Interesting, I see no fatal erorr in the domain log, then. Could you
> also paste the tail of /var/log/secure after the auth and also put
> debug_level directive into the [pam] section as well?
>
> If you prefer, you can send the logs directly to me without obfuscation.
> _______________________________________________
> sssd-users mailing list
> sssd-users@lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users

Hi,

I'll send the logs direct, thank you. I have debug_level = 8. Is that Ok or too chatty?

Thanks,

Matthew