I'm not sure that we do need it... I think it was put in the config as a
placeholder for old accounts on legacy systems when deciding on how UID ranges
should be mapped when we ultimately migrate to a FreeIPA domain that trusts our
AD forest. We're having some issues getting permission from the
On Thu, May 03, 2018 at 10:08:34AM +0200, John Hearns wrote:
> To explain, I just sent a reply from my personal Googlemail.
>
> I am now getting this logged:
> May 03 10:05:02 client1 [sssd[ldap_child[2481]: Failed to initialize
> credentials using keytab [MEMORY:/etc/krb5.keytab]: Client
> 'host/
This is a bug that was fixed recently upstrea, but not in RHEL/centos yet.
Do you actually use the local domain?
> On 1 Jun 2018, at 18:47, David Potterveld wrote:
>
> I'm having an issue with sssd failing to look up user or group names from an
> AD provider. The error occurs on both modern F
First, I’m sorry that I missed the e-mail in the moderation queue. We get a
fair amount of spam and things sometimes slip through.
> On 20 May 2018, at 14:23, Christian Svensson wrote:
>
> Hi sssd-users,
>
> My LDAP setup contains two bases:
> dc=office1,dc=company,dc=tld
> dc=office2,dc=compa
I'm having an issue with sssd failing to look up user or group names from an AD
provider. The error occurs on both modern Fedora and Centos 7 systems joined to
AD via realm commands. On Centos 7, the version of SSSD is 1.16.0, and that is
the version on which I am reporting.
The systems will wo
> On 1 Jun 2018, at 15:10, John Hearns wrote:
>
> Jakub, a genuine thankyou for the response.
>
> I have logs of course, at a high debug level. I find that they are very
> verbose.
> Do you have a suggestion please as to
> (a) which of the logs to look at for this problem? I guess sssd_nss
Jakub, a genuine thankyou for the response.
I have logs of course, at a high debug level. I find that they are very
verbose.
Do you have a suggestion please as to
(a) which of the logs to look at for this problem? I guess sssd_nss.log
(b) any particular patterns I should look out for?
On 1 Ju
Hi sssd-users,
My LDAP setup contains two bases:
dc=office1,dc=company,dc=tld
dc=office2,dc=company,dc=tld
Groups can cross-reference other groups in the two bases, like this:
cn=printer-access,ou=groups,dc=office1,dc=company,dc=tld
- member: cn=everybody,ou=groups,dc=office1,dc=company,dc=tld
-
To explain, I just sent a reply from my personal Googlemail.
I am now getting this logged:
May 03 10:05:02 client1 [sssd[ldap_child[2481]: Failed to initialize
credentials using keytab [MEMORY:/etc/krb5.keytab]: Client
'host/client1@ADTEST.PRIVATE' not
May 03 10:05:02 client1 [sssd[ldap_child[2481
Jakub, thankyou for your reply.
Client OS is Ubuntu Xenial. Yes, I know... pats favourite labrador
goodbye. Sound of drawer opening and service revolver being loaded...
I did realise that the option p_auth_disable_tls_never_use_in_production =
true
the problem I have is that there is a CA cert
On Fri, Jun 01, 2018 at 11:31:55AM +, JOHE (John Hearns) wrote:
> I am seeing some very strange behaviour.
>
> Very often when I issue the command 'groups username' then only the local
> groups in /etc/group are returned.
>
> Issue the command again then the list with the local groups plus
I am seeing some very strange behaviour.
Very often when I issue the command 'groups username' then only the local
groups in /etc/group are returned.
Issue the command again then the list with the local groups plus the AD groups
is returned.
In /etc/nsswitch.conf group:
12 matches
Mail list logo