Error No matching domain found for 5001 in sssd_nss.log

John Nissley jnissley at
Sun Jul 11 05:08:23 UTC 2010

I will admit that getting Fedora 13 to authenticate against my dirsrv 
ldap server has been an interesting experience.  I still do not think I 
have it right since getent passwd does not display the ldap users but 
for some reason I am able to log in with my ldap user name and password 
and the home directory mapping is pulled out of ldap.

This error is in my sssd.nss.log file after reboot when I try to log in.
[sssd[nss]] [nss_cmd_getgrgid_callback] (0): No matching domain found for [5001], fail!
The interesting thing is that the uid for the user trying to 
authenticate is 5001 so that must be coming back from the ldap server.

Here is what matters in my nsswitch.conf file.
passwd:     files sss
shadow:     files sss
group:      files sss

If I change that to files ldap then getent passwd will return my ldap 
users but then initial boot takes about 10 minutes since the computer 
tries to contact the ldap server during boot up before the ethernet card 
has been brought up.

Here is what matters from my sssd.conf file.
[domain/xxxxxxx] (where xxxxxxx is the domain in ldap)
ldap_id_use_start_tls = True
cache_credentials = True
debug_level = 0
ldap_search_base = dc=nissley,dc=org
chpass_provider = ldap
id_provider = ldap
auth_provider = ldap
cache_credentials = True
min_id = 100
ldap_uri = ldap://
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_reqcert = allow

I do have an issue with a self signed certificate so that is why I am 
using the ldap_tls_reqcert = allow setting.

Can someone please help me straighten out the network login via ldap 
problem I am having?  I was doing the same network login to the same 
ldap server with Fedora 12 and had no issues at all.  Fedora 13 requires 
tls or ldaps which is where my problems started.  I was not using either 
of them when using Fedora 12.

Thank you.
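
An added example, not part of the original post: a small lint over the [domain/...] sections of an sssd.conf that flags the two things visible in the configuration above, an ldap_tls_reqcert value that lets the session continue with a bad server certificate and a key that appears twice. The domain name and server hostname in the sample are constructed, and the defaults assumed (hard for ldap_tls_reqcert, false for ldap_id_use_start_tls) are those documented in sssd-ldap.

```python
# Added example: lint sssd.conf domain sections for TLS settings. Sample is constructed.
import re
NON_ENFORCING = {"never", "allow"}  # values under which a bad server cert is not fatal

SAMPLE = """\
[domain/example]
ldap_id_use_start_tls = True
cache_credentials = True
id_provider = ldap
cache_credentials = True
ldap_uri = ldap://ldap.example.org
ldap_tls_reqcert = allow
"""

def parse_domains(text):
    """Return {section: [(key, value), ...]} for domain sections, keeping duplicates."""
    domains, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            name = header.group(1).strip()
            current = domains.setdefault(name, []) if name.startswith("domain/") else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return domains

def audit(text):
    """Return a sorted list of (section, finding) tuples."""
    findings = []
    for section, pairs in parse_domains(text).items():
        keys = [k for k, _ in pairs]
        opts = dict(pairs)  # for these checks, the last occurrence of a key is used
        for dup in sorted({k for k in keys if keys.count(k) > 1}):
            findings.append((section, f"duplicate key: {dup}"))
        reqcert = opts.get("ldap_tls_reqcert", "hard").lower()
        if reqcert in NON_ENFORCING:
            findings.append((section, f"ldap_tls_reqcert = {reqcert} accepts a bad certificate"))
        uris = [u.strip().lower() for u in opts.get("ldap_uri", "").split(",")]
        starttls = opts.get("ldap_id_use_start_tls", "false").lower() == "true"
        if any(u.startswith("ldap://") for u in uris) and not starttls:
            findings.append((section, "ldap:// without StartTLS: identity lookups are cleartext"))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```

With a self-signed server certificate, placing that certificate where ldap_tls_cacertdir (or ldap_tls_cacert) can find it allows ldap_tls_reqcert to stay at demand or hard.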
