Hi All,
I am trying to get SSSD working with an Active Directory. The SSSD machine is a member of the sub domain student.example.com and this works as expected. I can do all the getent, id's and groups: [root@puppetmaster-test sssd]# getent group "Server Administrators" server administrators:*:10006:sa.cassond [root@puppetmaster-test sssd]# getent passwd sa.cassond sa.cassond:*:10005:10006:Don Casson:/home/sa.cassond:/bin/bash [root@puppetmaster-test sssd]# groups sa.cassond sa.cassond : server administrators [root@puppetmaster-test sssd]# id cassond uid=10007(cassond) gid=10006(server administrators) groups=10006(server administrators) When I do the same for users in the parent domain (example.com) [root@puppetmaster-test sssd]# getent passwd [email protected] [root@puppetmaster-test sssd]# I get no users and this error in the sssd_nss.log: (Fri Feb 7 11:16:49 2014) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected! (Fri Feb 7 11:16:49 2014) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1]. (Fri Feb 7 11:16:49 2014) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1]. (Fri Feb 7 11:16:49 2014) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x435b80:[email protected]] (Fri Feb 7 11:16:49 2014) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [student.example.com][forced][example.com] (Fri Feb 7 11:16:49 2014) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x435b80:[email protected]] (Fri Feb 7 11:16:49 2014) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 19 error message: Subdomains back end target is not configured (Fri Feb 7 11:16:49 2014) [sssd[nss]] [nss_cmd_getpwnam_cb] (0x0040): Invalid name received [[email protected]] (Fri Feb 7 11:16:49 2014) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x435b80:[email protected]] (Fri Feb 7 11:16:49 2014) [sssd[nss]] [client_recv] (0x0200): Client disconnected! Please help! Do I need to be on a higher version of SSSD to support subdomains with the "id_provider=ad"? Am i missing something in the configuration to support sub domains? Is this a bug in SSSD ? OS and SSD version: RHEL 6.3 and sssd 1.9.2-129 [sssd] config_file_version = 2 domains = student.example.com services = nss, pam, ssh debug_level = 7 [nss] # The following prevents SSSD from searching for the root user/group in # all domains (you can add here a comma-separated list of system accounts that # are always going to be /etc/passwd users, or that you want to filter out). filter_groups = root filter_users = root reconnection_retries = 3 debug_level = 7 [pam] debug_level = 7 [domain/student.example.com] # disable Windows SID to UID mapping ldap_id_mapping = false debug_level = 7 cache_credentials = true #enumerate = true case_sensitive = false id_provider = ad ad_domain = student.example.com # LDAP options ldap_user_shell = loginShell ldap_user_home_directory = unixHomeDirectory ldap_schema = rfc2307bis ldap_group_member = msSFU30PosixMember # krb5 options krb5_canonicalize = false Thanks in advance. Cheers Don
_______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
