On 07/18/2014 03:19 PM, Rowland Penny wrote:
> On 18/07/14 20:03, Dmitri Pal wrote:
>> On 07/18/2014 11:53 AM, Rowland Penny wrote:
>>> On 18/07/14 16:18, Jakub Hrozek wrote:
>>>> On Thu, Jul 10, 2014 at 11:20:10AM +0100, Rowland Penny wrote:
>>>>> Any suggest to what I check next??
>>>> Sorry for the delayed reply.
>>>> Looks like an ACI problem to me, the first search binds as
>>>> NETBOOK$(a)EXAMPLE.COM, the second as
>>>> sssd-users mailing list
>>> ER, could you please expand 'ACI' for me, I haven't a clue what
>>> are talking about ;-)
>> Access Control Instructions in LDAP on the server side.
>> In one case the account has privileges to get information and in
>> other it does not. You need to change permission on the server for
>> the SSSD account to have permission to do the search.
> Thanks, you have confirmed what I thought was going on, have you any
> idea how I can give machines the required rights in Active Directory
> or can you point me at a webpage that explains how to do it?
Sorry, no. I would defer to technical gurus to chime in on Monday.
> sssd-users mailing list
OK, I have now got sudo to work on my laptop, but the only way I could
find was to add the laptop to Domain Admins. This confirms that it is a
permissions problem, but I do not think adding every linux computer to
Domain Admins is really a good idea.
So where do we go from here ?? will sssd & sudo work out of the box on
any linux distro against AD ?