On 18/07/14 20:03, Dmitri Pal wrote:
> On 07/18/2014 11:53 AM, Rowland Penny wrote:
>> On 18/07/14 16:18, Jakub Hrozek wrote:
>>> On Thu, Jul 10, 2014 at 11:20:10AM +0100, Rowland Penny wrote:
>>>> Any suggest to what I check next??
>>> Sorry for the delayed reply.
>>>
>>> Looks like an ACI problem to me, the first search binds as
>>> NETBOOK$(a)EXAMPLE.COM, the second as
>>> cn=Administrator,cn=Users,dc=example,dc=com
>>> _______________________________________________
>>> sssd-users mailing list
>>> sssd-users(a)lists.fedorahosted.org
>>>
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>> ER, could you please expand 'ACI' for me, I haven't a clue what you
>> are talking about ;-)
>
> Access Control Instructions in LDAP on the server side.
> In one case the account has privileges to get information and in
> other it does not. You need to change permission on the server for
> the SSSD account to have permission to do the search.
>
Thanks, you have confirmed what I thought was going on, have you any
idea how I can give machines the required rights in Active Directory
or can you point me at a webpage that explains how to do it?
Sorry, no. I would defer to technical gurus to chime in on Monday.
Rowland
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.