On Wed, Apr 30, 2014 at 02:38:23PM +0200, steve wrote:
On Wed, 2014-04-30 at 14:25 +0200, Jakub Hrozek wrote:
> On Wed, Apr 30, 2014 at 01:21:20PM +0200, steve wrote:
> > Hi
> > We want to run:
> > getent passwd steve2
> >
> > but we get:
> > (Wed Apr 30 13:02:06 2014) [sssd[nss]] [nss_cmd_getpwnam_search]
> > (0x0080): No matching domain found for [steve2], fail!
> >
> > This works fine:
> > getent passwd steve2(a)hh3.site
> > steve2@hh3.site:*:3000021:20513:steve2:/home/users/steve2:/bin/bash
> >
> > All our rfc2307 are in Samba4 AD
> > Question: Is it possible to drop the domain?
> >
> > [sssd]
> > services = nss, pam
> > config_file_version = 2
> > domains = hh3.site
> > [nss]
> > [pam]
> > [domain/hh3.site]
> > id_provider = ad
> > auth_provider = ad
> > access_provider = ad
> > ldap_id_mapping = False
>
> I would expect also 'getent passwd steve2' to work because your config
> doesn't have 'use_fully_qualified_names' set to True.
>
> Do you have multiple domains in your forest maybe?
>
> Can you most more context from the nss log (including the domains that
> are tried) ? Feel free to obfuscate any private data.
>
> Can you run:
> # ldbsearch -H /var/lib/sss/db/cache_hh3.site.ldb
> and check if the user's 'name' attribute is 'steve2' or
'steve2(a)hh3.site' ?
Of course. Clear the cache. A long time we've had any trouble with sssd
so we'd forgotten.
Thanks for a great ad backend and sorry to have wasted time.
Steve
Glad it works now and thanks for testing the latest versions!