Hi!
I am trying to authenticate my Ubuntu users via Active Directory and also set up autofs mounting. Maybe I am doing something wrong or missing some key attributes, but I have been checking it for the last couple of days and decided to write.
I have configured my sssd.conf and am using ldaps for communication. After troubleshooting, I am now able to get results from commands like getent passwd AD-username and id AD-username.
I am logged on to ubuntu machine with local account and running id AD-Username and getent passwd AD-username and it takes ages to get reply back.
uid=1348(AD-username) gid=100(users) groups=100(users)
When I run getent group groupname, nothing happens.
I have attached my sssd.conf file.
I am using Ubuntu 18.04
Version: 1.16.1-1ubuntu1.4
Version: 1.16.1-1ubuntu1.4
# [sssd]: global settings. services lists the responders to start;
# domains lists the [domain/...] sections to load.
[sssd]
config_file_version = 2
services = nss, pam, sudo, autofs
domains = mycompany.local
# Names given without a domain component are looked up in this domain.
default_domain_suffix = mycompany.local
# [nss]: name-service responder (answers getent / id lookups).
[nss]
# NOTE(review): 9 is a troubleshooting level and produces very verbose logs;
# lower it once lookups work.
debug_level = 9
# root is never resolved through SSSD, so a directory entry named root
# cannot shadow the local account or group.
filter_groups = root
filter_users = root
reconnection_retries = 3
# To override the login shell for all users, uncomment the following line.
#override_shell = /bin/bash
# [pam]: authentication responder.
[pam]
# NOTE(review): troubleshooting level; lower it once logins work and keep
# the SSSD log directory readable by root only.
debug_level = 9
# [sudo]: sudo-rules responder.
# NOTE(review): the domain section sets no sudo_provider or sudo search base,
# so defaults apply. If sudo rules are not meant to come from the directory,
# remove sudo from services in [sssd] — confirm intent.
[sudo]
debug_level = 3
# [autofs]: automounter responder. No options are set here, so defaults
# apply; the map lookup attributes are the ldap_autofs_* keys in the domain section.
[autofs]
# [domain/mycompany.local]: identity, authentication, access control and
# autofs maps, all served by the generic LDAP provider against an AD
# domain controller over ldaps.
[domain/mycompany.local]
# NOTE(review): troubleshooting level; lower it once the setup works.
debug_level = 9
enumerate = false
case_sensitive = false
# Keeps a salted hash of each user's password in the local cache so logins
# work while the server is unreachable. Disable it if offline login is not needed.
cache_credentials = true
# Directory entries with a UID/GID below this value are ignored.
# NOTE(review): 100 admits IDs in the range Ubuntu uses for system accounts
# (below 1000); confirm no directory entry can collide with a local system
# UID/GID, or raise the limit.
min_id = 100
#ldap_id_mapping = True
#ldap_user_primary_group = primaryGroupID
# NOTE(review): duplicate of the case_sensitive key above; keep only one.
case_sensitive = false
### --- Providers --- ###
id_provider = ldap
auth_provider = ldap
# Logins are allowed only for members of simple_allow_groups (set below).
access_provider = simple
chpass_provider = ldap
### --- LDAP GENERAL --- ###
# StartTLS is off because ldap_uri uses ldaps://, which encrypts the whole
# session from the first byte.
ldap_id_use_start_tls = false
# NOTE(review): rfc2307 expects group members listed by name in memberUid.
# AD normally stores membership as DNs in the member attribute, which would
# explain empty group lookups. Check which attribute the groups actually
# populate; against AD the usual choice is ldap_schema = ad (or rfc2307bis)
# with ldap_group_member = member — verify before changing.
ldap_schema = rfc2307
# CA certificates used to verify the domain controller's certificate.
# ldap_tls_reqcert is not set, so the default strict verification applies;
# leave it that way.
# NOTE(review): Ubuntu's libldap is built against GnuTLS, which may not
# honour a CA directory; if verification fails, point ldap_tls_cacert at
# the CA file instead — verify.
ldap_tls_cacertdir = /etc/ldap/cacerts
#ldap_tls_cacert = /etc/ssl/dc01.cer
### LDAP user search settings ###
# NOTE(review): searching from the domain root is broad and can be slow;
# a narrower OU, or ldap_referrals = false, is commonly used against AD — TODO confirm.
ldap_user_search_base = DC=mycompany,DC=local
# LDAP group search settings
ldap_group_search_base = DC=mycompany,DC=local
# LDAP Class settings
### --- LDAP Class settings --- ####
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_gecos = displayName
#ldap_user_principal = userPrincipalName
ldap_user_home_directory = unixHomeDirectory
ldap_user_member_of = memberOf
ldap_group_object_class = group
ldap_group_name = sAMAccountName
# See the note on ldap_schema: memberUid is usually empty on AD groups.
ldap_group_member = memberUid
# Seconds to wait for the connection to the LDAP server to be established.
ldap_network_timeout = 3
#ldap_access_filter = (&(objectclass=shadowaccount)(objectclass=posixaccount))
# NOTE(review): ad_server belongs to the AD provider; with id_provider = ldap
# it appears to be unused — confirm and remove.
ad_server = dc01.mycompany.local
### --- LDAP connection settings --- ###
ldap_uri = ldaps://dc01.mycompany.local:636
# Service account used for directory searches; it should have read-only
# rights on the subtrees searched above and nothing more.
ldap_default_bind_dn = CN=serviceaccount,OU=ServiceAccounts,DC=mycompany,DC=local
ldap_default_authtok_type = password
# NOTE(review): the bind password is stored in clear text (mypassword is
# presumably a placeholder). Keep this file owned by root with mode 0600.
# ldap_default_authtok_type = obfuscated_password only obfuscates the value;
# a GSSAPI bind with the host keytab avoids a stored password altogether.
ldap_default_authtok = mypassword
# Access settings via simple
# simple_allow_groups = lusers
# NOTE(review): access is decided by membership in this group, so it depends
# on group resolution working; while group lookups return nothing, members
# are likely to be denied. Prefer a dedicated, narrowly scoped group over a
# broad one — confirm what Users contains.
simple_allow_groups = Users
# Temporary test values: timeouts in seconds.
ldap_opt_timeout = 20
dns_resolver_timeout = 10
### AutoFS
# Automount maps are read from LDAP using the nisMap / nisObject classes.
autofs_provider = ldap
ldap_autofs_entry_key = cn
ldap_autofs_entry_object_class = nisObject
ldap_autofs_entry_value = nisMapEntry
ldap_autofs_map_name = nisMapName
ldap_autofs_map_object_class = nisMap
ldap_autofs_search_base = ou=automount,DC=mycompany,dc=local
Thanks