On 07/18/2014 11:53 AM, Rowland Penny wrote:
> On 18/07/14 16:18, Jakub Hrozek wrote:
>> On Thu, Jul 10, 2014 at 11:20:10AM +0100, Rowland Penny wrote:
>>> Any suggest to what I check next??
>> Sorry for the delayed reply.
>>
>> Looks like an ACI problem to me, the first search binds as
>> NETBOOK$(a)EXAMPLE.COM, the second as
>> cn=Administrator,cn=Users,dc=example,dc=com
>> _______________________________________________
>> sssd-users mailing list
>> sssd-users(a)lists.fedorahosted.org
>>
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
> ER, could you please expand 'ACI' for me, I haven't a clue what you
> are talking about ;-)
Access Control Instructions in LDAP on the server side.
In one case the account has privileges to get information and in other
it does not. You need to change permission on the server for the SSSD
account to have permission to do the search.
Thanks, you have confirmed what I thought was going on, have you any
idea how I can give machines the required rights in Active Directory or
can you point me at a webpage that explains how to do it?
Rowland