On Fri, Oct 20, 2017 at 09:39:10PM +0200, Andreas Hauffe wrote: > Hi, > > I try to configure a client that is member of active directory domain > s2dom.d1dom.dom.example.com which is a subdomain of d1dom.dom.example.com > which itself is a subdomain of dom.example.com. Now I try to to login with > users from u...@dom.example.com and us...@s2dom.d1dom.dom.example.com. The > last one works without problems. But I'm not able to get a > u...@dom.example.com working. > > my sssd.conf > > [sssd] > services = nss, pam > config_file_version = 2 > domains = s2dom.d1dom.dom.example.com > > [nss] > default_shell=/bin/bash > override_homedir = /home/%u > > [pam] > > [domain/s2dom.d1dom.dom.example.com] > id_provider = ad > access_provider = ad > ldap_schema = ad > ldap_id_mapping=true > ldap_idmap_range_min=1000000 > ldap_idmap_range_max=2000000 > ldap_idmap_range_size=1000000 > use_fully_qualified_names = true
Logs are needed, see https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html but as a general advise I would recommend against touching any of the idmap range parameters unless you are running a very old (1.12 or older) release of sssd. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
