On Thu, Mar 26, 2015 at 04:32:53PM +0200, Timo Aaltonen wrote:
On 26.03.2015 16:19, Ludger Koehler wrote:
Hi Timo,
sorry but i have a Question.
We use Ubuntu 14.04 LTS Server with sssd-ad to authenticate over Windows 2008 R2 AD and it works. But there is one Problem, "ad_access_filter" don't work.
in sssd.conf the parameter access_provider = ad ad_access_filter = DOM:(&(objectCategory=Group)(objectClass=samaccountname)(|(ou=group1)(ou=group2)(ou=group3)))
is set.
Other Filter like ad_access_filter = (|(memberOf=cn=group1,ou=gruppen,ou=examle,dc=test,dc=de)(memberOf=cn=group2,ou=gruppen,ou=example,dc=test,dc=de)(memberOf=cn=group3,ou=gruppen,ou=example,dc=test,dc=de))
don't work too.
Do you have an idea, whats the Problem or is it a Bug?
I guess the sssd-users list is better for questions like these, I don't know the answer off-hand.
(sssd version in 14.04 is still at 1.11.5 btw, if relevant here)
My first suggestion would be to not use the filter based access control options, but rather the simple access provider
access_provider = simple simple_allow_groups = group1, group2