On Wed, Jan 24, 2018 at 10:10:11AM -0500, Geoff Goehle wrote:
> Sorry about the line breaks. Adding "enable_files_domain = false" to the
> [sssd] section fixed the issue. Just out of curiosity, could I ask what that
> does? Its not in the man page.
SSSD has a feature which mirrors the local /etc/passwd and /etc/group
files for faster lookups of local users without having to enable nscd
which is tricky to operate together with sssd, especially if you run
sssd for a remote domain, too:
https://fedoraproject.org/wiki/Changes/SSSDCacheForLocalUsers
But I'm surprised that Debian would enable this feature without changing
the nsswitch.conf order like Fedora did. They probably should disable
the files domain by default..
The files domain is currently identity-only and no authentication is
performed. That, together with the duplicate users and the files domain
running by default has been causing the failures for you..
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
