Hi, everyone
I have a problem with sssd 1.16.0 in use on CentOS 7 with AD (Windows Server 2008 R2).
I used realm to join the AD, and the sssd config is as follows:

[domain/default]
autofs_provider = ldap
cache_credentials = True
krb5_realm = ARD.INC
ldap_search_base = dc=BEIJ,dc=inc
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://192.168.201.207/
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/cacerts

[sssd]
domains = default, ARD.inc
config_file_version = 2
services = nss, pam

[pam]

[autofs]

[domain/ARD.inc]
ad_domain = ARD.inc
krb5_realm = ARD.INC
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_sasl_authid = YW-CLUSTER-LOGI$
ldap_id_mapping = true
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
ldap_idmap_range_min = 5000
ldap_idmap_range_max = 7000
ldap_idmap_range_size = 10

At the beginning it was running very well. But recently we discovered that some users' UIDs have changed; the UID automatically increased by 10. For example, the initial UID is 5333, then the user's UID automatically changes to 5343.
Why? How can I solve it?
Thanks.
On Mon, Feb 18, 2019 at 03:36:48AM -0000, CharlesLee wrote:
> At the beginning it was running very well. But recently we discovered that some users' UIDs have changed; the UID automatically increased by 10. For example, the initial UID is 5333, then the user's UID automatically changes to 5343.
> Why?
I assume the non-default range sizes have something to do with it? Why did you tune the range sizes, isn't the default good enough?
Hi Jakub,
Because I want to control the uid in 4 digits.
Thanks for your reply
On Mon, Feb 18, 2019 at 03:27:57PM -0000, CharlesLee wrote:
> Hi Jakub,
> Because I want to control the uid in 4 digits.
I would suggest that ID mapping is not the right tool, then, and using POSIX IDs might be better.
Hi Jakub, Thanks for your reply.
I turned off ldap_id_mapping and used POSIX IDs, then the user could not use the AD password. The user could not verify the Linux login using the AD password. So I tuned the range sizes to control the UID in 4 digits.
On Wed, Feb 27, 2019 at 01:13:03AM -0000, CharlesLee wrote:
> Hi Jakub, Thanks for your reply.
> I turned off ldap_id_mapping and used POSIX IDs, then the user could not use the AD password. The user could not verify the Linux login using the AD password.

But it would be nice to see some debug logs to know what exactly is happening.

> So I tuned the range sizes to control the UID in 4 digits.