> Date: Tue, 1 Oct 2013 20:43:54 +0200 > From: jhro...@redhat.com > To: sssd-users@lists.fedorahosted.org > Subject: Re: [SSSD-users] authenticating against all sub-domains in AD forest > > On Sun, Sep 29, 2013 at 02:41:11PM +0100, a t wrote: > > Hi, > > > > That user, test.user, is in the subdomain a.domain.org. > > > > Thr logs mark domain.org as a subdomain of b.domain.org. however, this is > > not correct - domain.org is the root domain of which b.domain.org is a > > subdomain. We do not have users in the root domain. All users are in other > > subdomains. > > > > I believe the user I tested in another subdomain, mhunt.t...@a.domain.org > > did not show in the logs. When I tried to log in with > > mhunt.t...@a.domain.org the logs show that sssd believes that domain "a" is > > a subdomain if b.domain.org rather than another subdomain of domain.org. > > > > I might have to ask if I can send un-obfuscated incase I am adding in > > confusion! > > > > Thanks, > > > > Matthew > > Interesting, I see no fatal erorr in the domain log, then. Could you > also paste the tail of /var/log/secure after the auth and also put > debug_level directive into the [pam] section as well? > > If you prefer, you can send the logs directly to me without obfuscation. > _______________________________________________ > sssd-users mailing list > sssd-users@lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Hi, I'll send the logs direct, thank you. I have debug_level = 8. Is that Ok or too chatty? Thanks, Matthew
_______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users