> > Maybe you should use the uPNSuffix from domain c.example.org for your
> > user accounts in domains a.c and a.b? Or add a valid one;
> > http://support2.microsoft.com/kb/243629. Is it possible to use that
> > uPNSuffix as default in SSSD?
>
> Yes, since 1.12
>
> Prior to that, you could use either the SSSD domain name as specified in the
> config file or the NetBIOS name (which was autodiscovered).
I am limited to the version Ubuntu LTS offers - 1.11.7.
I added default_domain_suffix = c.example.org to the [sssd] section of sssd.conf, but
user 'longina' from nat.c.example.org cannot log in on a machine joined to
NAT.C.EXAMPLE.COM with the short login 'longina'.
Did you change the account longina's UPN suffix from @nat.c.example.org to @c.example.org?
I can search user object 'longina' in Global Catalog in c.example.org and nat.c.example.org.
Attached log files (sss_pam, sss_nss):
===============
/etc/sssd/sssd.conf
===============
[nss]
debug_level = 9
filter_groups = root
filter_users = root,lightdm,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd

[sssd]
debug_level = 6
domains = nat.c.example.org
default_domain_suffix = c.example.org
config_file_version = 2
services = nss,pam

[pam]
pam_verbosity = 3
debug_level = 9

[domain/nat.c.example.org]
debug_level = 9
id_provider = ad
access_provider = ad
auth_provider = ad
chpass_provider = ad
ad_domain = nat.c.example.org
krb5_realm = NAT.C.EXAMPLE.ORG
#cache_credentials = True
#krb5_store_password_if_offline = True
default_shell = /bin/bash
override_home_directory = /home/%u
use_fully_qualified_names = False
ldap_id_mapping = False
fallback_homedir = /home-local/%u
===========
sssd_pam.log
===========
[sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
[sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
[sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
[sssd[pam]] [pam_print_data] (0x0100): domain: c.example.org
[sssd[pam]] [pam_print_data] (0x0100): user: longina
[sssd[pam]] [pam_print_data] (0x0100): service: lightdm
[sssd[pam]] [pam_print_data] (0x0100): tty: :0
[sssd[pam]] [pam_print_data] (0x0100): ruser: not set
[sssd[pam]] [pam_print_data] (0x0100): rhost: not set
[sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
[sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
[sssd[pam]] [pam_print_data] (0x0100): priv: 1
[sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1991
[sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
[sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x40b150:3:longina@c.example.org]
[sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [c.example.org][3][1][name=longina]
[sssd[pam]] [sbus_add_timeout] (0x2000): 0x13d5420
[sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x40b150:3:longina@c.example.org]
[sssd[pam]] [sbus_remove_timeout] (0x2000): 0x13d5420
[sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x13d4600
[sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
[sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
[sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [longina@c.example.org]
[sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x13d6830
[sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x13d83b0
[sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x13d6830
[sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x13d83b0
[sssd[pam]] [ldb] (0x4000): Running timer event 0x13d6830 "ltdb_callback"
[sssd[pam]] [ldb] (0x4000): Destroying timer event 0x13d83b0 "ltdb_timeout"
[sssd[pam]] [ldb] (0x4000): Ending timer event 0x13d6830 "ltdb_callback"
[sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/c.example.org/longina] to negative cache
[sssd[pam]] [pam_check_user_search] (0x0040): No results for getpwnam call
[sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10].
[sssd[pam]] [pam_reply] (0x0200): blen: 25
[sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x40b150:3:longina@c.example.org]
[sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x13d93d0][17]
[sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x13d0af0
[sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
[sssd[pam]] [sbus_message_handler] (0x4000): Received SBUS method [ping]
[sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
[sssd[pam]] [sbus_handler_got_caller_id] (0x4000): Received SBUS method [ping]
[sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x13d93d0][17]
[sssd[pam]] [client_recv] (0x0200): Client disconnected!
[sssd[pam]] [client_destructor] (0x2000): Terminated client [0x13d93d0][17]
===========
sssd_nss.log
===========
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina@nat.c.example.org].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina@nat.c.example.org' matched expression for domain 'nat.c.example.org', user is longina
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [nat.c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/nat.c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [longina@nat.c.example.org]
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x151e6a0
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1516d70
[sssd[nss]] [ldb] (0x4000): Running timer event 0x151e6a0 "ltdb_callback"
[sssd[nss]] [ldb] (0x4000): Destroying timer event 0x1516d70 "ltdb_timeout"
[sssd[nss]] [ldb] (0x4000): Ending timer event 0x151e6a0 "ltdb_callback"
[sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x417bf0:1:longina@nat.c.example.org]
[sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [nat.c.example.org][4097][1][name=longina]
[sssd[nss]] [sbus_add_timeout] (0x2000): 0x15282b0
[sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x417bf0:1:longina@nat.c.example.org]
[sssd[nss]] [sbus_remove_timeout] (0x2000): 0x15282b0
[sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x1519600
[sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
[sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/nat.c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [longina@nat.c.example.org]
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x151d790
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x151d8c0
[sssd[nss]] [ldb] (0x4000): Running timer event 0x151d790 "ltdb_callback"
[sssd[nss]] [ldb] (0x4000): Destroying timer event 0x151d8c0 "ltdb_timeout"
[sssd[nss]] [ldb] (0x4000): Ending timer event 0x151d790 "ltdb_callback"
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [longina@nat.c.example.org]
[sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x417bf0:1:longina@nat.c.example.org]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina@nat.c.example.org].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina@nat.c.example.org' matched expression for domain 'nat.c.example.org', user is longina
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [nat.c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/nat.c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [longina@nat.c.example.org]
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1528190
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1517960
[sssd[nss]] [ldb] (0x4000): Running timer event 0x1528190 "ltdb_callback"
[sssd[nss]] [ldb] (0x4000): Destroying timer event 0x1517960 "ltdb_timeout"
[sssd[nss]] [ldb] (0x4000): Ending timer event 0x1528190 "ltdb_callback"
[sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [longina@nat.c.example.org]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [*other].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name '*other' matched without domain, user is *other
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [*other] from [c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/*other]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [*other@c.example.org]
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1517960
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x151e6a0
[sssd[nss]] [ldb] (0x4000): Running timer event 0x1517960 "ltdb_callback"
[sssd[nss]] [ldb] (0x4000): Destroying timer event 0x151e6a0 "ltdb_timeout"
[sssd[nss]] [ldb] (0x4000): Ending timer event 0x1517960 "ltdb_callback"
[sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x417bf0:1:*other@c.example.org]
[sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [c.example.org][4097][1][name=*other]
[sssd[nss]] [sbus_add_timeout] (0x2000): 0x151a400
[sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x417bf0:1:*other@c.example.org]
[sssd[nss]] [sbus_remove_timeout] (0x2000): 0x151a400
[sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x1519600
[sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
[sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/*other]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [*other@c.example.org]
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1527b00
...
[sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/c.example.org/*other] to negative cache
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call
Best,
longina
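
Added example, not part of the original message or of SSSD: a Python sketch that condenses an sssd_nss.log in the format quoted above into one row per lookup, showing which domain each input name was searched in, whether the default domain was applied, and the logged outcome. The sample lines are constructed from that format, and the names `unwrap` and `summarize_lookups` are hypothetical.

```python
import re

# Constructed sample: sssd_nss.log format, one mail-wrapped record, "(a)" archive mangling.
SAMPLE_LOG = """\
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [
c.example.org]
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina(a)nat.c.example.org].
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [nat.c.example.org]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [longina(a)nat.c.example.org]
"""

BR = r"\[\s*([^\]]+?)\s*\]"  # bracketed value; tolerates padding left by re-joining
INPUT = re.compile(r"Running command \[\d+\] with input " + BR)
FROM = re.compile(r"Requesting info for \[[^\]]+\] from " + BR)

def unwrap(text):
    """Re-join wrapped lines: every real record starts with '[sssd['."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[sssd[") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return [r.replace("(a)", "@") for r in records]

def summarize_lookups(text):
    """One dict per lookup: input name, domain searched, default applied, outcome."""
    lookups = []
    for rec in unwrap(text):
        if m := INPUT.search(rec):
            lookups.append({"input": m.group(1), "domain": None,
                            "defaulted": False, "result": "unknown"})
        elif lookups:
            cur = lookups[-1]
            if "using default domain" in rec:
                cur["defaulted"] = True
            elif m := FROM.search(rec):
                cur["domain"] = m.group(1)
            elif "does not exist in" in rec or "No results for getpwnam" in rec:
                cur["result"] = "not found"
            elif "Returning info for user" in rec:
                cur["result"] = "found"
    return lookups

if __name__ == "__main__":
    print(*summarize_lookups(SAMPLE_LOG), sep="\n")
```
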