On Tue, May 07, 2013 at 02:35:00PM -0400, Will_Darton(a)navyfederal.org wrote:
Have configured a couple of hundred hosts to use sssd w/ LDAP to connect
to the Global Catalog of a Windows 2008 Domain for identity and
authentication. All of my RHEL6 servers appear to be fine, however
certain accounts on certain systems in my RHEL5 environments are having
issues.
I'm not aware of differences between RHEL5 and RHEL6 codebase with
respect to LDAP searches that might cause this problem.
upon su - <user> I get the following
[root@slvdcls15 ~]# su - wasadmin
id: cannot find name for user ID 1209
id: cannot find name for user ID 1209
issuing a crontab -l also seems problematic...
$ crontab -l
crontab: your UID isn't in the passwd file.
bailing out.
However querying sssd for info seems ok
$ id
uid=1209(wasadmin) gid=1209(was) groups=1209(was)
$ getent passwd wasadmin
wasadmin:*:1209:1209:WebSphere admin:/home/wasadmin:/bin/ksh
Appreciate any advice or assistance in troubleshooting
Package info
sssd-1.5.1-58.el5
Release
2.6.18-348.3.1.el5
/etc/sssd/sssd.conf
[domain/sample]
description = Domain
debug_level = 9

I see you already raised debugging in the domain section, can you paste
or attach the domain logs? Feel free to sanitize them first to remove
any sensitive information.

Can you also put the debug_level stanza to the [nss] section to gather
logs from the NSS responder?

enumerate = false
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
access_provider = ldap
ldap_uri = ldaps://<url>:3269
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/certificate.cer
ldap_search_base = dc=domain,dc=net
ldap_default_bind_dn = cn=aixldap,OU=service accounts,DC=sub,DC=domain,DC=net
ldap_default_authtok_type = password
ldap_default_authtok = <password>
ldap_access_filter = (|(department=*unixadmin*)(department=*tools*)(department=*was*)(department=*oracle*))
ldap_pwd_policy = none
ldap_user_name = cn
ldap_user_object_class = user
ldap_group_object_class = group
ldap_schema = rfc2307bis
ldap_user_home_directory = unixHomeDirectory
ldap_tls_reqcert = never
ldap_referrals = false
case_sensitive = false
[sssd]
services = nss, pam
config_file_version = 2
domains = nfcu
[nss]
[pam]
offline_credentials_expiration = 5
[sudo]
[autofs]
[ssh]
/* -----------------------------
Will Darton
I.T. Operations
Information Services
Navy Federal Credit Union
wk 703.255.8639
cell: 703.232.2344
will_darton(a)navyfederal.org
*/