Hi All,
I'm using sssd to authenticate users from AD and generally this works fine. However, I
have one server that frequently can't resolve AD users:
[root@HOST ~]# id aduser@domain.com
id: aduser@domain.com: no such user
or:
[aduser@HOST ~]# crontab -l
crontab: your UID isn't in the passwd file.
bailing out.
Around that time I see errors like this in the log:
[sssd[be[domain.com]]] [sdap_get_generic_op_finished] (0x0400): Search result:
Referral(10), 0000202B: RefErr: DSID-03100781, data 0, 1 access points
ref 1: 'Domain.com'
After a few minutes it works again.
What puzzles me is that I have 2 other servers with the same config using that same user
which don't have any problem.
I'm running sssd-1.16.4-21.el7_7.1 on CentOS Linux release 7.7.1908 (Core).
This is my sssd.conf:
[sssd]
debug_level=9
sbus_timeout = 30
reconnection_retries = 3
services = nss, pam
config_file_version = 2
domains = domain.com
[pam]
debug_level=9
pam_verbosity = 3
reconnection_retries = 3
[nss]
debug_level=9
reconnection_retries = 3
[domain/domain.com]
debug_level=9
ad_site = SITE
use_fully_qualified_names = true
override_homedir = /home/%u
dyndns_update = false
ldap_schema = ad
id_provider = ad
ad_enabled_domains = sub.domain.com, domain.com
ad_gpo_access_control = disabled
case_sensitive = true
cache_credentials = true
min_id = 1000
ldap_id_mapping = False
ldap_group_nesting_level = 4
ldap_user_primary_group = gidNumber
ad_hostname = host.domain.com
ignore_group_members = TRUE
access_provider = simple
simple_allow_groups = group1@domain.com,group2@sub.domain.com,group3@sub.domain.com
Thank you,
Christoph