On 18/07/14 20:50, Dmitri Pal wrote:
On 07/18/2014 03:19 PM, Rowland Penny wrote:
On 18/07/14 20:03, Dmitri Pal wrote:
On 07/18/2014 11:53 AM, Rowland Penny wrote:
On 18/07/14 16:18, Jakub Hrozek wrote:
On Thu, Jul 10, 2014 at 11:20:10AM +0100, Rowland Penny wrote:
Any suggest to what I check next??
Sorry for the delayed reply.
Looks like an ACI problem to me, the first search binds as NETBOOK$@EXAMPLE.COM, the second as cn=Administrator,cn=Users,dc=example,dc=com _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
ER, could you please expand 'ACI' for me, I haven't a clue what you are talking about ;-)
Access Control Instructions in LDAP on the server side. In one case the account has privileges to get information and in other it does not. You need to change permission on the server for the SSSD account to have permission to do the search.
Thanks, you have confirmed what I thought was going on, have you any idea how I can give machines the required rights in Active Directory or can you point me at a webpage that explains how to do it?
Sorry, no. I would defer to technical gurus to chime in on Monday.
Rowland _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, I have now got sudo to work on my laptop, but the only way I could find was to add the laptop to Domain Admins. This confirms that it is a permissions problem, but I do not think adding every linux computer to Domain Admins is really a good idea.
So where do we go from here ?? will sssd & sudo work out of the box on any linux distro against AD ?
Rowland