> On 10 Sep 2017, at 16:36, Igor Sever via FreeIPA-users > <freeipa-users@lists.fedorahosted.org> wrote: > > It looks like my problems with AD trust on server side went away when I > upgraded to FreeIPA 4.5 using Centos 7.4 packages, but unfortunately this is > only half of the way. > I have alot of SLES servers 11 and 12, but it looks like SSSD that comes with > SLES is not fully featured as RHEL or Centos. Basic authentication is working > , but policies are not working because group membership is not available on > SLES SSSD client (when checking with id command). Even on SLES 12 SP1 I > cannot get it to work. > In krb5_child.log I see error: > [validate_tgt] (0x0040): sss_extract_and_send_pac failed, group membership > for user with principal [******] might not be correct. > When I try to enable PAC service starting of SSSD fails and I get: > [service_startup_handler] (0x0010): Could not exec /usr/lib/sssd/sssd_pac > --debug-to-files, reason: No such file or directory > I installed all packages related to SSSD and all dependencies. > Is PAC service necessary for group resolution? Is there any other option?
Umm, how old is the sssd there? What version? > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org