Hi Sumit,
Thanks for your response. I was afraid that would be the answer.
It will be good to get a 1.10 build and above into a RHEL repository going forward.
Cheers
Don
On 7 Feb 2014, at 6:35 pm, Sumit Bose <sbose(a)redhat.com> wrote:
On Fri, Feb 07, 2014 at 11:24:19AM +1000, Donald Casson wrote:
> Hi All,
>
>
>
> I am trying to get SSSD working with an Active Directory.
>
>
>
> The SSSD machine is a member of the sub domain student.example.com and this
> works as expected.
>
>
>
> I can do all the getent, id's and groups:
>
>
>
> [root@puppetmaster-test sssd]# getent group "Server Administrators"
>
> server administrators:*:10006:sa.cassond
>
> [root@puppetmaster-test sssd]# getent passwd sa.cassond
>
> sa.cassond:*:10005:10006:Don Casson:/home/sa.cassond:/bin/bash
>
> [root@puppetmaster-test sssd]# groups sa.cassond
>
> sa.cassond : server administrators
>
> [root@puppetmaster-test sssd]# id cassond
>
> uid=10007(cassond) gid=10006(server administrators) groups=10006(server
> administrators)
>
>
>
>
>
> When I do the same for users in the parent domain (example.com)
>
>
>
> [root@puppetmaster-test sssd]# getent passwd duckd@example.com
>
> [root@puppetmaster-test sssd]#
>
>
>
> I get no users and this error in the sssd_nss.log:
>
>
>
> (Fri Feb 7 11:16:49 2014) [sssd[nss]] [accept_fd_handler] (0x0400): Client
> connected!
>
> (Fri Feb 7 11:16:49 2014) [sssd[nss]] [sss_cmd_get_version] (0x0200):
> Received client version [1].
>
> (Fri Feb 7 11:16:49 2014) [sssd[nss]] [sss_cmd_get_version] (0x0200):
> Offered version [1].
>
> (Fri Feb 7 11:16:49 2014) [sssd[nss]] [sss_dp_issue_request] (0x0400):
> Issuing request for [0x435b80:domains@student.example.com]
>
> (Fri Feb 7 11:16:49 2014) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400):
> Sending get domains request for [student.example.com][forced][example.com]
>
> (Fri Feb 7 11:16:49 2014) [sssd[nss]] [sss_dp_internal_get_send] (0x0400):
> Entering request [0x435b80:domains@student.example.com]
>
> (Fri Feb 7 11:16:49 2014) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got
> reply from Data Provider - DP error code: 3 errno: 19 error message:
> Subdomains back end target is not configured
>
> (Fri Feb 7 11:16:49 2014) [sssd[nss]] [nss_cmd_getpwnam_cb] (0x0040):
> Invalid name received [duckd@example.com]
>
> (Fri Feb 7 11:16:49 2014) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
> Deleting request: [0x435b80:domains@student.example.com]
>
> (Fri Feb 7 11:16:49 2014) [sssd[nss]] [client_recv] (0x0200): Client
> disconnected!
>
>
>
> Please help! Do I need to be on a higher version of SSSD to support
> subdomains with the "id_provider=ad"? Am I missing something in the
> configuration to support sub domains? Is this a bug in SSSD?
>
>
>
>
>
> OS and SSSD version: RHEL 6.3 and sssd 1.9.2-129
I'm sorry, but this feature is only available in sssd-1.10 and later
versions.
See https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0
for details.
Please note that we are currently working on a repository which will
contain an sssd-1.11 build for RHEL-6.5 for testing. It might not work
out-of-the-box on RHEL-6.3 but it might help to give you an easier start
to rebuild it on 6.3. Watch out for the announcement on this list and
sssd-devel.
bye,
Sumit
>
>
>
> [sssd]
>
> config_file_version = 2
>
> domains = student.example.com
>
> services = nss, pam, ssh
>
> debug_level = 7
>
>
>
> [nss]
>
> # The following prevents SSSD from searching for the root user/group in
>
> # all domains (you can add here a comma-separated list of system accounts that
>
> # are always going to be /etc/passwd users, or that you want to filter out).
>
> filter_groups = root
>
> filter_users = root
>
> reconnection_retries = 3
>
> debug_level = 7
>
>
>
> [pam]
>
> debug_level = 7
>
>
>
> [domain/student.example.com]
>
> # disable Windows SID to UID mapping
>
> ldap_id_mapping = false
>
> debug_level = 7
>
> cache_credentials = true
>
> #enumerate = true
>
> case_sensitive = false
>
> id_provider = ad
>
> ad_domain = student.example.com
>
>
>
>
>
> # LDAP options
>
> ldap_user_shell = loginShell
>
> ldap_user_home_directory = unixHomeDirectory
>
> ldap_schema = rfc2307bis
>
>
>
> ldap_group_member = msSFU30PosixMember
>
>
>
>
>
> # krb5 options
>
> krb5_canonicalize = false
>
>
>
> Thanks in advance.
>
>
>
> Cheers
>
> Don
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users