On (09/07/15 22:36), Thackeray, Neil L wrote:
> I'm new to sssd, so I'm not sure I have everything set up correctly, but
> from what I've seen setting up authentication against AD should be fairly
> easy.
>
> I'm able to authenticate, and group lookups seem to work during
> authentication. When I look through the sssd domain log I see it going
> through my groups and enumerating users. Unfortunately, it's not able to
> resolve my gidNumber which is in my personal LDAP entry in the user
> objectclass not in the group objectclass.
>
> This log entry happens when I ssh into the server or run 'groups' from the
> command line.
>
> (Thu Jul 9 13:56:24 2015) [sssd[be[ad.mydomain.edu]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(gidNumber=182275)(objectclass=group)(name=*)(&(gidNumber=*)(!(gidNumber=0))))][DC=ad,DC=mydomain,DC=edu].
>
> Output of running 'groups' while my account is logged in:
>
> groups: cannot find name for group ID 182275
> 182275
>
> I'm in a lot of groups, so I can only assume that it tries to resolve my
> gidNumber, can't and gives up.
>
> sssd version 1.11.5

1.11.5 may contain some bugs. So please test with the latest 1.11 version
or the latest 1.12 version.

> sssd.conf
>
> [sssd]
> domains = ad.mydomain.edu
> config_file_version = 2
> services = nss, pam, pac
>
> [domain/ad.mydomain.edu]
> debug_level = 9
> ad_domain = ad.mydomain.edu
> id_provider = ad
> auth_provider = ad
> access_provider = ad
> chpass_provider = ad
> realmd_tags = manages-system joined-with-samba
> cache_credentials = True
> krb5_store_password_if_offline = True
> default_shell = /bin/bash
> ldap_id_mapping = False
> use_fully_qualified_names = False
> fallback_homedir = /home/%u
> ignore_group_members = False
> ipa_hbac_support_srchost = True

This option will be ignored because it is an ipa related option
and you are using the ad provider.

> ad_access_filter = memberOf=CN=MyOU IT FT,OU=Groups - DLs,OU=ITS,OU=MyOU,OU=City,DC=ad,DC=mydomain,DC=ed

Does it work if you remove this line?

BTW you can use the simple access provider instead of such a filter.
@see man sssd-simple

I would also recommend reading our wiki page
https://fedorahosted.org/sssd/wiki/Troubleshooting

LS
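
Added example, not part of the original thread and not sssd's own code: a small Python evaluator for the LDAP filter quoted in the log line above, run against three constructed directory entries. The entry names and attributes are assumptions; the point is that the logged search can only return a group object that itself carries gidNumber 182275, so a gidNumber present only on the user entry yields no group name.

```python
# Added illustration: evaluate the logged LDAP filter against constructed entries.
LOGGED_FILTER = ("(&(gidNumber=182275)(objectclass=group)(name=*)"
                 "(&(gidNumber=*)(!(gidNumber=0))))")

# Constructed sample entries (hypothetical); attribute names stored lower-case.
ENTRIES = {
    "user carrying the gidNumber": {
        "objectclass": ["top", "person", "user"],
        "name": ["exampleuser"], "gidnumber": ["182275"]},
    "group without gidNumber": {
        "objectclass": ["top", "group"], "name": ["Example Group"]},
    "group with gidNumber": {
        "objectclass": ["top", "group"],
        "name": ["Example Group 2"], "gidnumber": ["182275"]},
}

def parse(s, i=0):
    """Parse one parenthesised filter at s[i]; return (node, next index)."""
    i += 1                                 # step over the opening "("
    if s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        return (op, kids), i + 1           # step over the closing ")"
    end = s.index(")", i)
    attr, value = s[i:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """True if the entry satisfies the parsed filter (equality/presence only)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    values = entry.get(attr, [])
    if value == "*":                       # presence test, e.g. (name=*)
        return bool(values)
    return any(v.lower() == value.lower() for v in values)

def matching_entries(filter_text=LOGGED_FILTER):
    """Labels of the constructed entries that the filter would return."""
    tree, _ = parse(filter_text)
    return [label for label, e in ENTRIES.items() if matches(tree, e)]

if __name__ == "__main__":
    print(matching_entries())
```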