on sssd restart I can't see theOn 12/10/2013 05:21 PM, Jakub Hrozek wrote:
I have like thisOn Tue, Dec 10, 2013 at 04:57:47PM +0200, Dan Candea wrote:On 12/09/2013 07:00 PM, Lukas Slebodnik wrote:I would suggest to configure sssd against AD with relamd. debian >= jessie and ubuntu >= raring contain this package. http://packages.debian.org/jessie/realmd http://packages.ubuntu.com/raring/realmd LSThx, this gave me a new config to start-up, and finally it worked. Any workaround until this https://fedorahosted.org/sssd/ticket/1560 is solved?Can you try setting: ldap_user_ssh_public_key = sshPublicKey
[domain/2FA.TEST]
ad_server = 2fa-ad.2FA.TEST
ad_domain = 2FA.TEST
krb5_realm = 2FA.TEST
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%d/%u
access_provider = ad
krb5_use_enterprise_principal = True
debug_level = 10
enumerate = False
ldap_referrals = False
ldap_id_mapping = True
min_id = 1000
ad_access_filter = memberOf=CN=Linux-Admins,OU=Security Groups,DC=2FA,DC=TEST
ldap_user_search_filer = memberOf=CN=Linux-Admins,OU=Security Groups,DC=2FA,DC=TEST
ldap_user_ssh_public_key = sshPublicKey
but in the sssd_ldap log I can see
[sssd[be[2FA.TEST]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sshPublicKey]
.....
[sssd[be[2FA.TEST]]] [sdap_attrs_add_ldap_attr] (0x2000): sshPublicKey is not available for [testuser].
and in the ldapsearch i can see the attribute
sshPublicKey: ssh-rsa AAAAB.....
Thx
-- Dan Cândea Does God Play Dice?
-- Dan Cândea Does God Play Dice?