> Lets get this straight, you have a user called 'root' in
/etc/passwd
>> and another user called 'root' in AD, is this correct ???
>
> You should name your central user something else. SSSD will
deliberately
> not authenticate root because root should be authenticated by
pam_unix.
>
Hi
How about deleting the user called root in AD, choosing another domain
user called adroot. Then use:
username map = /some/file
to make adroot map to root in /some/file?
adroot is now a domain user with uid 0
Possibly one can do that, but this is just a bad workaround for a bad
assumption in SSSD, namly
that there can not be any system out there who would like to auth "root"
with SSSD.
Jocke
PS.
Keep me on CC