> Lets get this straight, you have a user called 'root' in
>> and another user called 'root' in AD, is this correct ???
> You should name your central user something else. SSSD will
> not authenticate root because root should be authenticated by
How about deleting the user called root in AD, choosing another domain
user called adroot. Then use:
username map = /some/file
to make adroot map to root in /some/file?
adroot is now a domain user with uid 0
Possibly one can do that, but this is just a bad workaround for a bad
assumption in SSSD, namly
that there can not be any system out there who would like to auth "root"
Keep me on CC