Hi All,

I am trying to get SSSD working with an Active Directory.

The SSSD machine is a member of the sub domain student.example.com and this works as expected.

I can do all the getent, id’s and groups:

[root@puppetmaster-test sssd]# getent group "Server Administrators"
server administrators:*:10006:sa.cassond
[root@puppetmaster-test sssd]# getent passwd sa.cassond
sa.cassond:*:10005:10006:Don Casson:/home/sa.cassond:/bin/bash
[root@puppetmaster-test sssd]# groups sa.cassond
sa.cassond : server administrators
[root@puppetmaster-test sssd]# id cassond
uid=10007(cassond) gid=10006(server administrators) groups=10006(server administrators)

When I do the same for users in the parent domain (example.com)

[root@puppetmaster-test sssd]#  getent  passwd duckd@example.com
[root@puppetmaster-test sssd]#

I get no users and this error in the sssd_nss.log:

(Fri Feb  7 11:16:49 2014) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Fri Feb  7 11:16:49 2014) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Fri Feb  7 11:16:49 2014) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Fri Feb  7 11:16:49 2014) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x435b80:domains@student.example.com]
(Fri Feb  7 11:16:49 2014) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [student.example.com][forced][example.com]
(Fri Feb  7 11:16:49 2014) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x435b80:domains@student.example.com]
(Fri Feb  7 11:16:49 2014) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 19 error message: Subdomains back end target is not configured
(Fri Feb  7 11:16:49 2014) [sssd[nss]] [nss_cmd_getpwnam_cb] (0x0040): Invalid name received [duckd@example.com]
(Fri Feb  7 11:16:49 2014) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x435b80:domains@student.example.com]
(Fri Feb  7 11:16:49 2014) [sssd[nss]] [client_recv] (0x0200): Client disconnected!

Please help! Do I need to be on a higher version of SSSD to support subdomains with the “id_provider=ad”? Am I missing something in the configuration to support sub domains? Is this a bug in SSSD?

OS and SSSD version: RHEL 6.3 and sssd 1.9.2-129

[sssd]
config_file_version = 2
domains = student.example.com
services = nss, pam, ssh
debug_level = 7

[nss]
# The following prevents SSSD from searching for the root user/group in
# all domains (you can add here a comma-separated list of system accounts that
# are always going to be /etc/passwd users, or that you want to filter out).
filter_groups = root
filter_users = root
reconnection_retries = 3
debug_level = 7

[pam]
debug_level = 7

[domain/student.example.com]
# disable Windows SID to UID mapping
ldap_id_mapping = false
debug_level = 7
cache_credentials = true
#enumerate = true
case_sensitive = false
id_provider = ad
ad_domain = student.example.com

# LDAP options
ldap_user_shell = loginShell
ldap_user_home_directory = unixHomeDirectory
ldap_schema = rfc2307bis

ldap_group_member = msSFU30PosixMember

# krb5 options
krb5_canonicalize = false

Thanks in advance.

Cheers
Don