Sumit Bose <sbose(a)redhat.com> писал(а) в своём письме Wed, 04 Feb 2015
14:09:05 +0600:
On Wed, Feb 04, 2015 at 12:18:44PM +0600, Eugene Peregudov wrote:
> Sumit Bose <sbose(a)redhat.com> писал(а) в своём письме Tue, 03 Feb 2015
> 16:56:40 +0600:
>
> >On Tue, Feb 03, 2015 at 04:17:39PM +0600, Eugene Peregudov wrote:
> >>
> >>Hi,
> >>
> >>I'm trying to authenticate Active Directory users with different UPN
> >>suffixes on my Linux machine.
> >>As described in article (
http://jhrozek.livejournal.com/3019.html)
> SSSD
> >>should support for enterprise logins:
> >>"some users in AD might use a different Kerberos Principal suffix than
> >>the
> >>default one".
> >>
> >>I have two users with different UPN - user1(a)domain.example.com and
> >>user2(a)department.example.com
> >>
> >>#getent passwd user1(a)domain.example.com
> >>
> >>returns valid user entry, but
> >>
> >>#getent passwd user2(a)department.example.com
> >>
> >>returns nothing...
> >>
> >>What's wrong? Can anyone help me with this issue? Thanks!
> >
> >Can you send the related sssd_nss logs with debug_level 10 as well?
> >
> Thanks for answer!
> sssd_nss.log is empty with specified debug_level 10 :(
You have to set it explicitly in the [nss] section.
sssd_nss.log with debug_level 10:
--------------------------------------
[get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[46642].
[reset_idle_timer] (0x4000): Idle timer re-set for client
[0x7f96a099c440][20]
[accept_fd_handler] (0x0400): Client connected!
[reset_idle_timer] (0x4000): Idle timer re-set for client
[0x7f96a099c440][20]
[sss_cmd_get_version] (0x0200): Received client version [1].
[sss_cmd_get_version] (0x0200): Offered version [1].
[reset_idle_timer] (0x4000): Idle timer re-set for client
[0x7f96a099c440][20]
[reset_idle_timer] (0x4000): Idle timer re-set for client
[0x7f96a099c440][20]
[nss_cmd_getbynam] (0x0400): Running command [17] with input
[user2(a)department.example.com].
[sss_dp_issue_request] (0x0400): Issuing request for
[0x7f96a02027a0:domains@DOMAIN.EXAMPLE.COM]
[sss_dp_get_domains_msg] (0x0400): Sending get domains request for
[
DOMAIN.EXAMPLE.COM][forced][department.example.com]
[sbus_add_timeout] (0x2000): 0x7f96a099cde0
[sss_dp_internal_get_send] (0x0400): Entering request
[0x7f96a02027a0:domains@DOMAIN.EXAMPLE.COM]
[sbus_remove_timeout] (0x2000): 0x7f96a099cde0
[sbus_dispatch] (0x4000): dbus conn: 0x7f96a0995fa0
[sbus_dispatch] (0x4000): Dispatching.
[sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code:
0 errno: 0 error message: Success
[ldb] (0x4000): Added timed event "ltdb_callback": 0x7f96a09a0af0
[ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f96a09a0c20
[ldb] (0x4000): Running timer event 0x7f96a09a0af0 "ltdb_callback"
[ldb] (0x4000): Destroying timer event 0x7f96a09a0c20 "ltdb_timeout"
[ldb] (0x4000): Ending timer event 0x7f96a09a0af0 "ltdb_callback"
[ldb] (0x4000): Added timed event "ltdb_callback": 0x7f96a0996ea0
[ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f96a0996f60
[ldb] (0x4000): Running timer event 0x7f96a0996ea0 "ltdb_callback"
[ldb] (0x4000): Destroying timer event 0x7f96a0996f60 "ltdb_timeout"
[ldb] (0x4000): Ending timer event 0x7f96a0996ea0 "ltdb_callback"
[nss_cmd_getbynam_done] (0x0040): Invalid name received
[user2(a)department.example.com]
[sss_dp_req_destructor] (0x0400): Deleting request:
[0x7f96a02027a0:domains@DOMAIN.EXAMPLE.COM]
[reset_idle_timer] (0x4000): Idle timer re-set for client
[0x7f96a099c440][20]
[reset_idle_timer] (0x4000): Idle timer re-set for client
[0x7f96a099c440][20]
[client_recv] (0x0200): Client disconnected!
[client_destructor] (0x2000): Terminated client [0x7f96a099c440][20]
[sbus_dispatch] (0x4000): dbus conn: 0x7f96a0996ac0
[sbus_dispatch] (0x4000): Dispatching.
--------------------------------------
--
With best regards, Eugene JONIK Peregudov
mailto: eugene.peregudov(a)gmail.com