Hi Jakub, I sent the logs you requested directly to you as you suggested so I didnt need to obfuscate thrm. However, I am not sure you received the email?
Thanks, Matthew --- Original Message --- From: "Jakub Hrozek" <jhro...@redhat.com> Sent: 1 October 2013 19:44 To: sssd-users@lists.fedorahosted.org Subject: Re: [SSSD-users] authenticating against all sub-domains in AD forest On Sun, Sep 29, 2013 at 02:41:11PM +0100, a t wrote: > Hi, > > That user, test.user, is in the subdomain a.domain.org. > > Thr logs mark domain.org as a subdomain of b.domain.org. however, this is not > correct - domain.org is the root domain of which b.domain.org is a subdomain. > We do not have users in the root domain. All users are in other subdomains. > > I believe the user I tested in another subdomain, mhunt.t...@a.domain.org did > not show in the logs. When I tried to log in with mhunt.t...@a.domain.org > the logs show that sssd believes that domain "a" is a subdomain if > b.domain.org rather than another subdomain of domain.org. > > I might have to ask if I can send un-obfuscated incase I am adding in > confusion! > > Thanks, > > Matthew Interesting, I see no fatal erorr in the domain log, then. Could you also paste the tail of /var/log/secure after the auth and also put debug_level directive into the [pam] section as well? If you prefer, you can send the logs directly to me without obfuscation. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users