> > Maybe you should use the uPNSuffix from domain c.example.org for your
> > user accounts in domains a.c and a.b? Or add a valid one;
> > http://support2.microsoft.com/kb/243629. Is it possible to use that
> > uPNSuffix as default in SSSD?
>
> Yes, since 1.12
>
> Prior to that, you could use either the SSSD domain name as specified in the
> config file or the NetBIOS name (which was autodiscovered).

I am limited to the version Ubuntu LTS offers - 1.11.7.
I added default_domain_suffix = c.example.org to the [sssd] section of sssd.conf, but
user 'longina' from nat.c.example.org cannot log in on a machine joined to NAT.C.EXAMPLE.COM with the short login 'longina'.
I can search for the user object 'longina' in the Global Catalog in c.example.org and nat.c.example.org.

Attached log files (sss_pam, sss_nss):

===============
/etc/sssd/sssd.conf
===============
[nss]
debug_level = 9
filter_groups = root
filter_users = root,lightdm,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd

[sssd]
debug_level = 6
domains = nat.c.example.org
default_domain_suffix = c.example.org
config_file_version = 2
services = nss,pam

[pam]
pam_verbosity = 3
debug_level = 9

[domain/nat.c.example.org]
debug_level = 9
id_provider = ad
access_provider = ad
auth_provider = ad
chpass_provider = ad
ad_domain = nat.c.example.org
krb5_realm = NAT.C.EXAMPLE.ORG
#cache_credentials = True
#krb5_store_password_if_offline = True
default_shell = /bin/bash
override_home_directory = /home/%u
use_fully_qualified_names = False
ldap_id_mapping = False
fallback_homedir = /home-local/%u

==========================================0
sssd_pam.log
===========
[sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
[sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
[sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
[sssd[pam]] [pam_print_data] (0x0100): domain: c.example.org
[sssd[pam]] [pam_print_data] (0x0100): user: longina
[sssd[pam]] [pam_print_data] (0x0100): service: lightdm
[sssd[pam]] [pam_print_data] (0x0100): tty: :0
[sssd[pam]] [pam_print_data] (0x0100): ruser: not set
[sssd[pam]] [pam_print_data] (0x0100): rhost: not set
[sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
[sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
[sssd[pam]] [pam_print_data] (0x0100): priv: 1
[sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1991
[sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
[sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x40b150:3:long...@c.example.org]
[sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [c.example.org][3][1][name=longina]
[sssd[pam]] [sbus_add_timeout] (0x2000): 0x13d5420
[sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x40b150:3:long...@c.example.org]
[sssd[pam]] [sbus_remove_timeout] (0x2000): 0x13d5420
[sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x13d4600
[sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
[sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
[sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [long...@c.example.org]
[sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x13d6830
[sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x13d83b0
[sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x13d6830
[sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x13d83b0
[sssd[pam]] [ldb] (0x4000): Running timer event 0x13d6830 "ltdb_callback"
[sssd[pam]] [ldb] (0x4000): Destroying timer event 0x13d83b0 "ltdb_timeout"
[sssd[pam]] [ldb] (0x4000): Ending timer event 0x13d6830 "ltdb_callback"
[sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/c.example.org/longina] to negative cache
[sssd[pam]] [pam_check_user_search] (0x0040): No results for getpwnam call
[sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10].
[sssd[pam]] [pam_reply] (0x0200): blen: 25
[sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x40b150:3:long...@c.example.org]
[sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x13d93d0][17]
[sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x13d0af0
[sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
[sssd[pam]] [sbus_message_handler] (0x4000): Received SBUS method [ping]
[sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
[sssd[pam]] [sbus_handler_got_caller_id] (0x4000): Received SBUS method [ping]
[sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x13d93d0][17]
[sssd[pam]] [client_recv] (0x0200): Client disconnected!
[sssd[pam]] [client_destructor] (0x2000): Terminated client [0x13d93d0][17]

====================================
sssd_nss.log
=====================================
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [long...@nat.c.example.org].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'long...@nat.c.example.org' matched expression for domain 'nat.c.example.org', user is longina
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [nat.c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/nat.c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [long...@nat.c.example.org]
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x151e6a0
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1516d70
[sssd[nss]] [ldb] (0x4000): Running timer event 0x151e6a0 "ltdb_callback"
[sssd[nss]] [ldb] (0x4000): Destroying timer event 0x1516d70 "ltdb_timeout"
[sssd[nss]] [ldb] (0x4000): Ending timer event 0x151e6a0 "ltdb_callback"
[sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x417bf0:1:long...@nat.c.example.org]
[sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [nat.c.example.org][4097][1][name=longina]
[sssd[nss]] [sbus_add_timeout] (0x2000): 0x15282b0
[sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x417bf0:1:long...@nat.c.example.org]
[sssd[nss]] [sbus_remove_timeout] (0x2000): 0x15282b0
[sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x1519600
[sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
[sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/nat.c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [long...@nat.c.example.org]
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x151d790
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x151d8c0
[sssd[nss]] [ldb] (0x4000): Running timer event 0x151d790 "ltdb_callback"
[sssd[nss]] [ldb] (0x4000): Destroying timer event 0x151d8c0 "ltdb_timeout"
[sssd[nss]] [ldb] (0x4000): Ending timer event 0x151d790 "ltdb_callback"
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [long...@nat.c.example.org]
[sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x417bf0:1:long...@nat.c.example.org]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [long...@nat.c.example.org].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'long...@nat.c.example.org' matched expression for domain 'nat.c.example.org', user is longina
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [nat.c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/nat.c.example.org/longina]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [long...@nat.c.example.org]
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1528190
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1517960
[sssd[nss]] [ldb] (0x4000): Running timer event 0x1528190 "ltdb_callback"
[sssd[nss]] [ldb] (0x4000): Destroying timer event 0x1517960 "ltdb_timeout"
[sssd[nss]] [ldb] (0x4000): Ending timer event 0x1528190 "ltdb_callback"
[sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [long...@nat.c.example.org]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [*other].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name '*other' matched without domain, user is *other
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [*other] from [c.example.org]
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/*other]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [*ot...@c.example.org]
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1517960
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x151e6a0
[sssd[nss]] [ldb] (0x4000): Running timer event 0x1517960 "ltdb_callback"
[sssd[nss]] [ldb] (0x4000): Destroying timer event 0x151e6a0 "ltdb_timeout"
[sssd[nss]] [ldb] (0x4000): Ending timer event 0x1517960 "ltdb_callback"
[sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x417bf0:1:*ot...@c.example.org]
[sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [c.example.org][4097][1][name=*other]
[sssd[nss]] [sbus_add_timeout] (0x2000): 0x151a400
[sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x417bf0:1:*ot...@c.example.org]
[sssd[nss]] [sbus_remove_timeout] (0x2000): 0x151a400
[sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x1519600
[sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
[sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
[sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/*other]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [*ot...@c.example.org]
[sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1527b00
...
[sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/c.example.org/*other] to negative cache
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call

Best,
longina
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
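
For triaging responder logs like the ones in this message, the following added example (not part of the original post and not SSSD's own code) groups sssd_nss.log lines per lookup and reports which domain each name was routed to and how the lookup ended. The sample log and the user `jdoe` are constructed; the message patterns are the ones visible in the log lines above.

```python
import re
from collections import Counter

# Constructed sample in the sssd_nss.log format from the post; user "jdoe" is made up.
SAMPLE_LOG = """\
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [jdoe].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'jdoe' matched without domain, user is jdoe
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [jdoe] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [jdoe@nat.c.example.org].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'jdoe@nat.c.example.org' matched expression for domain 'nat.c.example.org', user is jdoe
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [jdoe@nat.c.example.org]
"""

LINE = re.compile(r"^\[sssd\[\w+\]\] \[\w+\] \(0x[0-9a-f]+\): (.*)$")
START = re.compile(r"Running command \[\d+\] with input \[(.+)\]\.$")
DEFAULT = re.compile(r"using default domain \[(.+)\]$")
EXPLICIT = re.compile(r"matched expression for domain '(.+)', user is")
OUTCOMES = (("(negative cache)", "negative-cache"), ("Returning info for user", "found"),
            ("No results for getpwnam call", "not-found"))

def summarize(log_text):
    """One record per getpwnam request: input name, domain chosen, how, outcome."""
    requests, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a responder debug line
        msg = m.group(1)
        if s := START.search(msg):
            cur = {"input": s.group(1), "domain": None, "routing": None, "outcome": None}
            requests.append(cur)
        elif cur is None:
            continue  # lines before the first request start
        elif d := DEFAULT.search(msg):
            cur["domain"], cur["routing"] = d.group(1), "default"
        elif e := EXPLICIT.search(msg):
            cur["domain"], cur["routing"] = e.group(1), "explicit"
        else:
            for needle, label in OUTCOMES:
                if needle in msg:
                    cur["outcome"] = label  # last outcome line of the request wins
    return requests

def default_domain_misses(requests):
    """Count short names routed to the default domain that were not found there."""
    return Counter((r["input"], r["domain"]) for r in requests
                   if r["routing"] == "default" and r["outcome"] in ("negative-cache", "not-found"))
```

Log records that a mail client wrapped across lines need to be rejoined before parsing, since the matcher works one record per line.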