I had this problem.

Thanks to the SSSD guessing the realm, you can set your ldap_user_principal
to the following, and it will append the @realm.

    ldap_user_principal = sAMAccountName

Also, IMO, ignore the suggestions in that link, use the AD provider. Ditch
the bind account.

    id_provider = ad
    auth_provider = ad
    chpass_provider = ad
    access_provider = ad

Use msktutil to join the PC to the AD domain, or create the krb5.keytab
file on your domain controller and move it to the PC running Fedora. If you
do that, be sure to tell SELinux to accept the foreign file.

Chris

On Wed, Jan 29, 2014 at 3:18 PM, Nordgren, Bryce L -FS
<bnordgren(a)fs.fed.us> wrote:
> > > > I think the most important log would be the one from the back end,
> > > > generated by including debug_level in the [domain] section.
Oh...I noticed that according to the man page, "debug_level" is listed as
an option for services, but is not listed for domains. Perhaps this is
something to put into trac?
--
Intelligence is a matter of opinion.
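
An added example, not part of the original thread or of SSSD itself: a small Python check that reads an sssd.conf and reports, per [domain/...] section, where it departs from the advice in the reply above (all four providers set to ad, no bind account) and whether debug_level is present in the domain section. The sample config, the domain names and the audit_sssd_conf function are constructed for illustration; the check is deliberately strict and reports an unset provider even where SSSD would apply its own default.

```python
import configparser

# Constructed sample: one domain still on the LDAP provider with a bind
# account, one using the AD provider as the reply recommends.
SAMPLE_CONF = """
[domain/legacy.example.com]
id_provider = ldap
auth_provider = krb5
ldap_default_bind_dn = CN=svc-sssd,CN=Users,DC=legacy,DC=example,DC=com
ldap_default_authtok = placeholder-secret

[domain/ad.example.com]
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
ldap_user_principal = sAMAccountName
debug_level = 6
"""

PROVIDER_KEYS = ("id_provider", "auth_provider", "chpass_provider", "access_provider")
BIND_KEYS = ("ldap_default_bind_dn", "ldap_default_authtok")

def audit_sssd_conf(text):
    """Return {domain_name: [findings]} for every [domain/...] section."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    report = {}
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue  # [sssd], [nss], [pam] etc. are not back ends
        opts = parser[section]
        findings = []
        for key in PROVIDER_KEYS:
            value = opts.get(key)
            if value != "ad":
                findings.append(f"{key} is {value or 'unset'}, not ad")
        for key in BIND_KEYS:
            if key in opts:
                findings.append(f"{key} set: bind account still configured")
        if "debug_level" not in opts:
            findings.append("no debug_level in domain section")
        report[section.split("/", 1)[1]] = findings
    return report

if __name__ == "__main__":
    for domain, findings in audit_sssd_conf(SAMPLE_CONF).items():
        print(domain, "OK" if not findings else findings)
```
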