On Wed, 2014-04-30 at 14:25 +0200, Jakub Hrozek wrote:
On Wed, Apr 30, 2014 at 01:21:20PM +0200, steve wrote:
> Hi
> We want to run:
> getent passwd steve2
>
> but we get:
> (Wed Apr 30 13:02:06 2014) [sssd[nss]] [nss_cmd_getpwnam_search]
> (0x0080): No matching domain found for [steve2], fail!
>
> This works fine:
> getent passwd steve2(a)hh3.site
> steve2@hh3.site:*:3000021:20513:steve2:/home/users/steve2:/bin/bash
>
> All our rfc2307 are in Samba4 AD
> Question: Is it possible to drop the domain?
>
> [sssd]
> services = nss, pam
> config_file_version = 2
> domains = hh3.site
> [nss]
> [pam]
> [domain/hh3.site]
> id_provider = ad
> auth_provider = ad
> access_provider = ad
> ldap_id_mapping = False
I would expect also 'getent passwd steve2' to work because your config
doesn't have 'use_fully_qualified_names' set to True.
Do you have multiple domains in your forest maybe?
Can you most more context from the nss log (including the domains that
are tried) ? Feel free to obfuscate any private data.
Can you run:
# ldbsearch -H /var/lib/sss/db/cache_hh3.site.ldb
and check if the user's 'name' attribute is 'steve2' or
'steve2(a)hh3.site' ?
Of course. Clear the cache. A long time we've had any trouble with sssd
so we'd forgotten.
Thanks for a great ad backend and sorry to have wasted time.
Steve
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users