> Maybe you should use the uPNSuffix from domain c.example.org for your
> user accounts in domains a.c and a.b? Or add a valid one;
> http://support2.microsoft.com/kb/243629. Is it possible to use that
> uPNSuffix as default in SSSD?
Yes, since 1.12
Prior to that, you could use either the SSSD domain name as specified in the
config file or the NetBIOS name (which was autodiscovered).
I am limited to the version Ubuntu LTS offers - 1.11.7.
I added default_domain_suffix = c.example.org to the [sssd] section of sssd.conf, but
user 'longina' from nat.c.example.org cannot log in on a machine joined to
NAT.C.EXAMPLE.COM with the short login 'longina'.
I can search the user object 'longina' in the Global Catalog in c.example.org and
nat.c.example.org.
Attached log files (sss_pam, sss_nss):
===============
/etc/sssd/sssd.conf
===============
[nss]
debug_level = 9
filter_groups = root
filter_users = root,lightdm,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd
[sssd]
debug_level = 6
domains = nat.c.example.org
default_domain_suffix = c.example.org
config_file_version = 2
services = nss,pam
[pam]
pam_verbosity = 3
debug_level = 9
[domain/nat.c.example.org]
debug_level = 9
id_provider = ad
access_provider = ad
auth_provider = ad
chpass_provider = ad
ad_domain = nat.c.example.org
krb5_realm = NAT.C.EXAMPLE.ORG
#cache_credentials = True
#krb5_store_password_if_offline = True
default_shell = /bin/bash
override_home_directory = /home/%u
use_fully_qualified_names = False
ldap_id_mapping = False
fallback_homedir = /home-local/%u
==========================================
sssd_pam.log
===========
[sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
[sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
[sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
[sssd[pam]] [pam_print_data] (0x0100): domain: c.example.org
[sssd[pam]] [pam_print_data] (0x0100): user: longina
[sssd[pam]] [pam_print_data] (0x0100): service: lightdm
[sssd[pam]] [pam_print_data] (0x0100): tty: :0
[sssd[pam]] [pam_print_data] (0x0100): ruser: not set
[sssd[pam]] [pam_print_data] (0x0100): rhost: not set
[sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
[sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
[sssd[pam]] [pam_print_data] (0x0100): priv: 1
[sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1991
[sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
[sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x40b150:3:longina@c.example.org]
[sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [c.example.org][3][1][name=longina]
[sssd[pam]] [sbus_add_timeout] (0x2000): 0x13d5420
[sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x40b150:3:longina@c.example.org]
[sssd[pam]] [sbus_remove_timeout] (0x2000): 0x13d5420
[sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x13d4600
[sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
[sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
[sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [longina@c.example.org]
[sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x13d6830
[sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x13d83b0
[sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x13d6830
[sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x13d83b0
[sssd[pam]] [ldb] (0x4000): Running timer event 0x13d6830 "ltdb_callback"
[sssd[pam]] [ldb] (0x4000): Destroying timer event 0x13d83b0 "ltdb_timeout"
[sssd[pam]] [ldb] (0x4000): Ending timer event 0x13d6830 "ltdb_callback"
[sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/c.example.org/longina] to negative cache
[sssd[pam]] [pam_check_user_search] (0x0040): No results for getpwnam call
[sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10].
[sssd[pam]] [pam_reply] (0x0200): blen: 25
[sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x40b150:3:longina@c.example.org]
[sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x13d93d0][17]
[sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x13d0af0
[sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
[sssd[pam]] [sbus_message_handler] (0x4000): Received SBUS method [ping]
[sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
[sssd[pam]] [sbus_handler_got_caller_id] (0x4000): Received SBUS method [ping]
[sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x13d93d0][17]
[sssd[pam]] [client_recv] (0x0200): Client disconnected!
[sssd[pam]] [client_destructor] (0x2000): Terminated client [0x13d93d0][17]
====================================
sssd_nss.log
=====================================
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina@nat.c.example.org].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina@nat.c.example.org' matched expression for domain 'nat.c.example.org', user is longina
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [nat.c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/nat.c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [longina@nat.c.example.org]
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x151e6a0
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1516d70
[sssd[nss]] [ldb] (0x4000): Running timer event 0x151e6a0 "ltdb_callback"
[sssd[nss]] [ldb] (0x4000): Destroying timer event 0x1516d70 "ltdb_timeout"
[sssd[nss]] [ldb] (0x4000): Ending timer event 0x151e6a0 "ltdb_callback"
[sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x417bf0:1:longina@nat.c.example.org]
[sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [nat.c.example.org][4097][1][name=longina]
[sssd[nss]] [sbus_add_timeout] (0x2000): 0x15282b0
[sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x417bf0:1:longina@nat.c.example.org]
[sssd[nss]] [sbus_remove_timeout] (0x2000): 0x15282b0
[sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x1519600
[sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
[sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/nat.c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [longina@nat.c.example.org]
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x151d790
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x151d8c0
[sssd[nss]] [ldb] (0x4000): Running timer event 0x151d790 "ltdb_callback"
[sssd[nss]] [ldb] (0x4000): Destroying timer event 0x151d8c0 "ltdb_timeout"
[sssd[nss]] [ldb] (0x4000): Ending timer event 0x151d790 "ltdb_callback"
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [longina@nat.c.example.org]
[sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x417bf0:1:longina@nat.c.example.org]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina@nat.c.example.org].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina@nat.c.example.org' matched expression for domain 'nat.c.example.org', user is longina
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [nat.c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/nat.c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [longina@nat.c.example.org]
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1528190
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1517960
[sssd[nss]] [ldb] (0x4000): Running timer event 0x1528190 "ltdb_callback"
[sssd[nss]] [ldb] (0x4000): Destroying timer event 0x1517960 "ltdb_timeout"
[sssd[nss]] [ldb] (0x4000): Ending timer event 0x1528190 "ltdb_callback"
[sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [longina@nat.c.example.org]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [*other].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name '*other' matched without domain, user is *other
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [*other] from [c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/*other]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [*other@c.example.org]
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1517960
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x151e6a0
[sssd[nss]] [ldb] (0x4000): Running timer event 0x1517960 "ltdb_callback"
[sssd[nss]] [ldb] (0x4000): Destroying timer event 0x151e6a0 "ltdb_timeout"
[sssd[nss]] [ldb] (0x4000): Ending timer event 0x1517960 "ltdb_callback"
[sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x417bf0:1:*other@c.example.org]
[sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [c.example.org][4097][1][name=*other]
[sssd[nss]] [sbus_add_timeout] (0x2000): 0x151a400
[sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x417bf0:1:*other@c.example.org]
[sssd[nss]] [sbus_remove_timeout] (0x2000): 0x151a400
[sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x1519600
[sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
[sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/*other]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [*other@c.example.org]
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1527b00
...
[sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/c.example.org/*other] to negative cache
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call
Best,
longina
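
Added example, not part of the original message and not SSSD code: a small Python trace of the lookups in an sssd_nss.log excerpt like the one above, showing for each input name which domain the responder searched, whether that domain came from default_domain_suffix, and how the lookup ended. The sample log is constructed from the lines in the message (mail wrapping included), and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the sssd_nss.log excerpt above, wrapped as in the mail.
SAMPLE_LOG = """\
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [
c.example.org]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in
[
c.example.org]! (negative cache)
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input
[longina@nat.c.example.org].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name
'longina@nat.c.example.org' matched expression for domain
'nat.c.example.org', user is longina
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user
[longina@nat.c.example.org]
"""

INPUT = re.compile(r"with input \[\s*(.+?)\s*\]\.")
DOMAIN = re.compile(r"(using default domain \[\s*|matched expression for domain\s+')([^\]']+)")
OUTCOME = re.compile(r"(does not exist in|No results for getpwnam call)|Returning info for user")

def unwrap(text):
    """Re-join wrapped continuation lines; every real record starts with '[sssd['."""
    records = []
    for line in text.splitlines():
        if line.startswith("[sssd[") or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def trace_lookups(text):
    """Return one dict per 'Running command' record: input, domain, routing, outcome."""
    lookups = []
    for rec in unwrap(text):
        if m := INPUT.search(rec):
            lookups.append({"input": m.group(1), "domain": None,
                            "via_default": False, "outcome": "unknown"})
        elif lookups and (m := DOMAIN.search(rec)):
            lookups[-1].update(domain=m.group(2), via_default=m.group(1).startswith("using"))
        elif lookups and (m := OUTCOME.search(rec)):
            lookups[-1]["outcome"] = "not_found" if m.group(1) else "found"
    return lookups

def failed_default_lookups(text):
    """Short names that were qualified with the default domain and then not found."""
    return [l for l in trace_lookups(text) if l["via_default"] and l["outcome"] == "not_found"]
```

On the sample, the short name is searched only in c.example.org and ends in the negative cache, while the fully qualified name is searched in nat.c.example.org and is returned.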