2015-01-23 11:26 GMT+01:00 Longina Przybyszewska <longina(a)sdu.dk>:
>> > Maybe you should use the uPNSuffix from domain c.example.org for
>> > your user accounts in domains a.c and a.b? Or add a valid one;
>> > http://support2.microsoft.com/kb/243629. Is it possible to use that
>> > uPNSuffix as default in SSSD?
>>
>> Yes, since 1.12
>>
>> Prior to that, you could use either the SSSD domain name as specified
>> in the config file or the NetBIOS name (which was autodiscovered).
>
> I am limited to the version Ubuntu LTS offers - 1.11.7.
>
> I added default_domain_suffix = c.example.org to [sssd] section of
> sssd.conf, but User 'longina' from nat.c.example.org can not login on
> machine joined to NAT.C.EXAMPLE.COM with short login 'longina'
>
Did you change the account longina's UPN suffix from @nat.c.example.org to
@c.example.org?

You mean longina's attribute in the AD object? No. I am afraid that change is not
possible;
UPN is set up mostly to 'example.org' for all user accounts - it can differ from
person to person, and there is a reason for that.

Best,
Longina

> I can search user object 'longina' in Global Catalog in c.example.org
> and nat.c.example.org
>
> Attached log files(sss_pam, sss_nss):
> ===============
> /etc/sssd/sssd.conf
> ===============
>
> [nss]
> debug_level = 9
> filter_groups = root
> filter_users = root,lightdm,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd
>
> [sssd]
> debug_level = 6
> domains = nat.c.example.org
> default_domain_suffix = c.example.org
> config_file_version = 2
> services = nss,pam
>
> [pam]
> pam_verbosity = 3
> debug_level = 9
>
> [domain/nat.c.example.org]
> debug_level = 9
> id_provider = ad
> access_provider = ad
> auth_provider = ad
> chpass_provider = ad
> ad_domain = nat.c.example.org
> krb5_realm = NAT.C.EXAMPLE.ORG
> #cache_credentials = True
> #krb5_store_password_if_offline = True
> default_shell = /bin/bash
> override_home_directory = /home/%u
> use_fully_qualified_names = False
> ldap_id_mapping = False
> fallback_homedir = /home-local/%u
>
> ==========================================0
> sssd_pam.log
> ===========
> [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
> [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
> [sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
> [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
> [sssd[pam]] [pam_print_data] (0x0100): domain: c.example.org
> [sssd[pam]] [pam_print_data] (0x0100): user: longina
> [sssd[pam]] [pam_print_data] (0x0100): service: lightdm
> [sssd[pam]] [pam_print_data] (0x0100): tty: :0
> [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
> [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
> [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
> [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
> [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1991
> [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
> [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x40b150:3:longina@c.example.org]
> [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [c.example.org][3][1][name=longina]
> [sssd[pam]] [sbus_add_timeout] (0x2000): 0x13d5420
> [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x40b150:3:longina@c.example.org]
> [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x13d5420
> [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x13d4600
> [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
> [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
> [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [longina@c.example.org]
> [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x13d6830
> [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x13d83b0
> [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x13d6830
> [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x13d83b0
> [sssd[pam]] [ldb] (0x4000): Running timer event 0x13d6830 "ltdb_callback"
> [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x13d83b0 "ltdb_timeout"
> [sssd[pam]] [ldb] (0x4000): Ending timer event 0x13d6830 "ltdb_callback"
> [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/c.example.org/longina] to negative cache
> [sssd[pam]] [pam_check_user_search] (0x0040): No results for getpwnam call
> [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10].
> [sssd[pam]] [pam_reply] (0x0200): blen: 25
> [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x40b150:3:longina@c.example.org]
> [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x13d93d0][17]
> [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x13d0af0
> [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
> [sssd[pam]] [sbus_message_handler] (0x4000): Received SBUS method [ping]
> [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> [sssd[pam]] [sbus_handler_got_caller_id] (0x4000): Received SBUS method [ping]
> [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x13d93d0][17]
> [sssd[pam]] [client_recv] (0x0200): Client disconnected!
> [sssd[pam]] [client_destructor] (0x2000): Terminated client [0x13d93d0][17]
>
> ====================================
>
> sssd_nss.log
> =====================================
>
> [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
> [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
> [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
> [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina@nat.c.example.org].
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina@nat.c.example.org' matched expression for domain 'nat.c.example.org', user is longina
> [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [nat.c.example.org]
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/nat.c.example.org/longina]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [longina@nat.c.example.org]
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x151e6a0
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1516d70
> [sssd[nss]] [ldb] (0x4000): Running timer event 0x151e6a0 "ltdb_callback"
> [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x1516d70 "ltdb_timeout"
> [sssd[nss]] [ldb] (0x4000): Ending timer event 0x151e6a0 "ltdb_callback"
> [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x417bf0:1:longina@nat.c.example.org]
> [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [nat.c.example.org][4097][1][name=longina]
> [sssd[nss]] [sbus_add_timeout] (0x2000): 0x15282b0
> [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x417bf0:1:longina@nat.c.example.org]
> [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x15282b0
> [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x1519600
> [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
> [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/nat.c.example.org/longina]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [longina@nat.c.example.org]
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x151d790
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x151d8c0
> [sssd[nss]] [ldb] (0x4000): Running timer event 0x151d790 "ltdb_callback"
> [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x151d8c0 "ltdb_timeout"
> [sssd[nss]] [ldb] (0x4000): Ending timer event 0x151d790 "ltdb_callback"
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [longina@nat.c.example.org]
> [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x417bf0:1:longina@nat.c.example.org]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina@nat.c.example.org].
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina@nat.c.example.org' matched expression for domain 'nat.c.example.org', user is longina
> [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [nat.c.example.org]
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/nat.c.example.org/longina]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [longina@nat.c.example.org]
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1528190
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1517960
> [sssd[nss]] [ldb] (0x4000): Running timer event 0x1528190 "ltdb_callback"
> [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x1517960 "ltdb_timeout"
> [sssd[nss]] [ldb] (0x4000): Ending timer event 0x1528190 "ltdb_callback"
> [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [longina@nat.c.example.org]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [*other].
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name '*other' matched without domain, user is *other
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
> [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [*other] from [c.example.org]
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/*other]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [*other@c.example.org]
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1517960
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x151e6a0
> [sssd[nss]] [ldb] (0x4000): Running timer event 0x1517960 "ltdb_callback"
> [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x151e6a0 "ltdb_timeout"
> [sssd[nss]] [ldb] (0x4000): Ending timer event 0x1517960 "ltdb_callback"
> [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x417bf0:1:*other@c.example.org]
> [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [c.example.org][4097][1][name=*other]
> [sssd[nss]] [sbus_add_timeout] (0x2000): 0x151a400
> [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x417bf0:1:*other@c.example.org]
> [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x151a400
> [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x1519600
> [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
> [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/*other]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [*other@c.example.org]
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1527b00 ...
> [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/c.example.org/*other] to negative cache
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call
>
> Best,
> longina
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
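
A check for the mismatch visible in the posted config and logs, as an added example that is not part of the thread or of SSSD itself: it tests whether `default_domain_suffix` names an entry of `domains`, and lists short-name lookups that were sent to the default domain and came back empty. The sample config and log lines are constructed from the excerpts above, and the function names are hypothetical.

```python
import configparser
import re

# Constructed samples that mirror the sssd.conf and sssd_nss.log excerpts in the thread.
SAMPLE_CONF = """\
[sssd]
domains = nat.c.example.org
default_domain_suffix = c.example.org
services = nss,pam

[domain/nat.c.example.org]
id_provider = ad
fallback_homedir = /home-local/%u
"""
SAMPLE_LOG = """\
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [longina@nat.c.example.org]
"""

DEFAULT_RE = re.compile(r"using default domain \[([^\]]+)\]")
MISSING_RE = re.compile(r"User \[([^\]]+)\] does not exist in \[([^\]]+)\]")


def suffix_is_configured(conf_text):
    """True if default_domain_suffix is unset or names an entry of [sssd] domains.

    Assumption: only the 'domains' list is compared; the autodiscovered
    NetBIOS name mentioned in the thread cannot be checked from the file alone.
    """
    cp = configparser.ConfigParser(interpolation=None)  # values such as %u are literal
    cp.read_string(conf_text)
    domains = {d.strip().lower() for d in cp.get("sssd", "domains", fallback="").split(",")}
    suffix = cp.get("sssd", "default_domain_suffix", fallback=None)
    return suffix is None or suffix.strip().lower() in domains


def failed_default_lookups(log_text):
    """Return sorted (user, domain) pairs not found in a domain used as the default."""
    defaults = {m.group(1).lower() for m in DEFAULT_RE.finditer(log_text)}
    misses = {(m.group(1), m.group(2)) for m in MISSING_RE.finditer(log_text)}
    return sorted(p for p in misses if p[1].lower() in defaults)


if __name__ == "__main__":
    print("suffix matches a configured domain:", suffix_is_configured(SAMPLE_CONF))
    print("short-name lookups that failed:", failed_default_lookups(SAMPLE_LOG))
```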