[SSSD-users] Re: Suggested workarounds for stale kdcinfo.REALM cache file?

2017-11-17 Thread Mark Ignacio
That sounds like a much better idea! Thanks for pointing that out. On Fri, 2017-11-17 at 20:52 +0100, Jakub Hrozek wrote: > On Fri, Nov 17, 2017 at 07:43:15PM +, Mark Ignacio wrote: > > Hey folks, > > > > During an internal reliability test, we recently found out that > >

[SSSD-users] Re: Suggested workarounds for stale kdcinfo.REALM cache file?

2017-11-17 Thread Jakub Hrozek
On Fri, Nov 17, 2017 at 07:43:15PM +, Mark Ignacio wrote: > Hey folks, > > During an internal reliability test, we recently found out that > /var/lib/sss/pubconf/kdcinfo.${REALM} stays static even when the IP > cached there is unreachable or down. During the test, kinit failed > consistently

[SSSD-users] Suggested workarounds for stale kdcinfo.REALM cache file?

2017-11-17 Thread Mark Ignacio
Hey folks, During an internal reliability test, we recently found out that /var/lib/sss/pubconf/kdcinfo.${REALM} stays static even when the IP cached there is unreachable or down. During the test, kinit failed consistently for those unfortunate to have a bad KDC cached. I found this draft

[SSSD-users] Re: id -G user only showing primary group

2017-11-17 Thread Jakub Hrozek
On Tue, Oct 31, 2017 at 10:57:23AM -0600, Jeff Sadowski wrote: > (Tue Oct 31 10:16:44 2017) [sssd[be[mind.unm.edu]]] [ad_sasl_log] > (0x0040): SASL: GSSAPI Error: Unspecified GSS failure. Minor code may > provide more information (Server not found in Kerberos database) > (Tue Oct 31 10:16:44

[SSSD-users] Re: what are the causes of Port status of port 389 for server is 'not working'

2017-11-17 Thread Jakub Hrozek
On Wed, Oct 25, 2017 at 03:43:14PM +0200, Jeremy Monnet wrote: > Hi, > > On Tue, Oct 24, 2017 at 10:03 PM, Jakub Hrozek wrote: > > > > > > > On these 2 servers, authentication works for testu...@sub1.example.com. > > I > > > can authenticate with my_u...@example.com on the

[SSSD-users] Re: AD auth with multiple domains

2017-11-17 Thread Jakub Hrozek
I'm sorry for the late reply, but we've all been busy finishing work on a RHEL update. On Mon, Oct 23, 2017 at 10:29:13AM +0200, Jeremy Monnet wrote: > Hi, > > I am trying to setup an authentication against Active Directory, with > multiple domains, and I haven't been able to find the

[SSSD-users] Re: Change LDAP-Filter for SSSD

2017-11-17 Thread Jakub Hrozek
On Thu, Nov 02, 2017 at 07:06:59PM +0100, Stefan Kania wrote: > Am 02.11.2017 um 17:00 schrieb Mario Rossi: > > If using own objectclass, I would think you will use custom attributes ? > > > > ldap_group_member = *hMemberDN* > > ldap_user_member_of = *description* > > This is what I did now.