Since you do not have re_expression tuned, any query in the form ofOn Tue, Oct 06, 2015 at 03:40:45PM +0200, liedekef@telenet.be wrote:
> (sorry for top-osting, but using a webmail client for now).
> Here's my config (some obfuscation done):
>
> [sssd]
> config_file_version = 2
>
> # Number of times services should attempt to reconnect in the
> # event of a crash or restart before they give up
> reconnection_retries = 3
>
> # If a back end is particularly slow you can raise this timeout here
> sbus_timeout = 30
> services = nss, pam, ssh, sudo
>
> # SSSD will not start if you do not configure any domains.
> # Add new domain configurations as [domain/<NAME>] sections, and
> # then add the list of domains (in the order you want them to be
> # queried) to the "domains" attribute below and uncomment it.
> # domains = LOCAL,LDAP
>
> domains = LDAP
> [nss]
> # The following prevents SSSD from searching for the root user/group in
> # all domains (you can add here a comma-separated list of system accounts that
> # are always going to be /etc/passwd users, or that you want to filter out).
> filter_groups = root
> filter_users = root,ldap,named,avahi,haldaemon,messagebus,dbus,vcsa,ntp
> reconnection_retries = 3
>
> # The entry_cache_nowait_percentage indicates the percentage of the
> # entry_cache_timeout to wait before updating the cache out-of-band.
> # (NSS requests will still be returned from cache until the full
> # entry_cache_timeout). Setting this value to 0 turns this feature
> # off (default).
> # entry_cache_nowait_percentage = 300
foo@bar gets split into (name=foo, domain=bar) and if there's no domain
bar, then sssd just shortcuts and returns ENOENT.
Can you try adding::
re_expression = (?P<name>.+)
to the [sssd] section? That essentially tells sssd that the whole input
string is a username. The downside is that you won't be able to use
multiple domains..