What is the preferable way for joining AD for sssd client machine - 'adcli join'
or 'realm join' ?
'realm discover' says it requires 'adcli' package does it mean that
'realm' self uses it?
Best
Longina
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Longina Przybyszewska
Sent: 24. januar 2014 12:54
To: 'End-user discussions about the System Security Services Daemon'
Subject: Re: [SSSD-users] sssd-1.11.1 in Saucy
Ups. I just run into another strange problem - can not start sssd with working previously
sssd.conf.
This is my laptop - I worked at home yesterday, on my local account and home wireless
network; At work, I turned off wireless, working on wired network, the same local
account;
Wanted reset sssd - can't do that anymore.
alongina@longina-nb:~$ sudo sssd -i -d9 -f [sudo] password for alongina:
(Fri Jan 24 12:43:54:927427 2014) [sssd[be[nat.c.sdu.dk]]] [ldb] (0x0400):
server_sort:Unable to register control with rootdse!
(Fri Jan 24 12:43:54:959764 2014) [sssd[nss]] [ldb] (0x0400): server_sort:Unable to
register control with rootdse!
(Fri Jan 24 12:43:54:959794 2014) [sssd[pam]] [ldb] (0x0400): server_sort:Unable to
register control with rootdse!
tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide
more information, Minor = Server not found in Kerberos database.
Best
Longina
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Jakub Hrozek
Sent: 24. januar 2014 11:49
To: sssd-users(a)lists.fedorahosted.org
Subject: Re: [SSSD-users] sssd-1.11.1 in Saucy
On Fri, Jan 24, 2014 at 10:42:34AM +0000, Longina Przybyszewska wrote:
I tried sssd in Ubuntu-Saucy ,clean installation, AD provider.
"+" sides:
-can join AD with 'realm' :
-auto created krb5.keytab for computer -auto created DNS entries for
computer
"-" sides:
-sssd on start auto generates buggy /etc/sssd/sssd.conf (white space
before end of line in entry:
realmd_tags = manages-system joined-with-samba;
)
This sounds like a realmd issue, but it shouldn't matter, we fixed the libini bug
which caused us to fail with trailing whitespace. Do you still see it?
-cannot login as member@ad_domain from GUI
^^^^
Can you log in from ssh or console?
login even if
'id member@ad_domain' cli can find out data
This is my auto configured config file:
-----------------------------------------
[sssd]
domains =
a.c.example.com
config_file_version = 2
services = nss, pam
[
domain/a.c.example.com]
ad_domain =
a.c.example.com
krb5_realm =
A.C.EXAMPLE.COM
realmd_tags = manages-system joined-with-samba cache_credentials =
True id_provider = ad krb5_store_password_if_offline = True
default_shell = /bin/bash ldap_id_mapping = True
use_fully_qualified_names = True fallback_homedir = /home/%u
access_provider = ad
Any ideas?
Not many without logs, sorry..
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users