1:05 a.m.
Hi everyone,
I'm using sssd 1.62 in CentOS 7.4。
The sssd is very good, I love it!
But, when I use "ldap_id_mapping=False" in /etc/sssd/sssd.conf the user's
password will not availabe.
Why?
How to solve it?
Thanks
2:33 a.m.
New subject: ldap_id_mapping=False then AD user's password not availabe
On Fri, Feb 15, 2019 at 07:05:37AM -0000, CharlesLee wrote:
Hi everyone,
I'm using sssd 1.62 in CentOS 7.4。
The sssd is very good, I love it!
But, when I use "ldap_id_mapping=False" in /etc/sssd/sssd.conf the user's
password will not availabe.
I assume with 'the user's password will not available' you mean that the
user cannot log in?
I guess that the user cannot even be found if you call 'getent passwd
username'.
Why?
With "ldap_id_mapping=False" SSSD expects that the POSIX UIDs and GIDs
are stored in Active Directory (I assume you are using AD). By default
this is not the case and recent version of Windows Servers even removed
some tools which made it easy to set them.
How to solve it?
Either use "ldap_id_mapping=True" (recommended) or add suit uidNumber
and gidNumer attributes in AD to the users and groups.
HTH
bye,
Sumit
>
> Thanks
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
3:47 a.m.
New subject: ldap_id_mapping=False then AD user's password not availabe
Hi sumit,
Thanks for your reply.
I'm using windows server 2008R2 AD.
I use "ldap_id_mapping=False" because I want the AD's user in linux UID is
gidNumber, if I use "ldap_id_mapping=True" the user's uid in linux will can
not control.
I want to the AD user in linux can use gidNumber and AD user login linux use AD password.
So, How should I do ?
Thanks
3:18 a.m.
New subject: ldap_id_mapping=False then AD user's password not availabe
On Fri, Feb 15, 2019 at 09:47:46AM -0000, CharlesLee wrote:
Hi sumit,
Thanks for your reply.
I'm using windows server 2008R2 AD.
I use "ldap_id_mapping=False" because I want the AD's user in linux UID is
gidNumber, if I use "ldap_id_mapping=True" the user's uid in linux will can
not control.
I want to the AD user in linux can use gidNumber and AD user login linux use AD
password.
So, How should I do ?
Do you already have the IDs created and stored in AD?
One thing you might need to do after switching the ID mapping on or off
is to clear the sssd cache. With newer versions:
sssctl cache-remove
or with older versions:
rm -f /var/lib/sss/db/*
systemctl restart sssd
9:21 a.m.
New subject: ldap_id_mapping=False then AD user's password not availabe
Hi Jakub,
Yes, I did rm -rf /var/lib/sss/db/* after turn off ldap_id_mapping.
In the linux AD's user can have uidNumber, but the AD user's password was invalid
in linux.
Thanks for your reply.
2:40 p.m.
New subject: ldap_id_mapping=False then AD user's password not availabe
On Mon, Feb 18, 2019 at 03:21:55PM -0000, CharlesLee wrote:
Hi Jakub,
Yes, I did rm -rf /var/lib/sss/db/* after turn off ldap_id_mapping.
In the linux AD's user can have uidNumber, but the AD user's password was
invalid in linux.
Then please follow the debugging steps:
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
9:16 p.m.
New subject: ldap_id_mapping=False then AD user's password not availabe
Thanks Jakub, I solved my problem.
1867
days inactive
1891
days old
sssd-users@lists.fedorahosted.org
6 comments
3 participants
participants (3)
-
CharlesLee -
Jakub Hrozek -
Sumit Bose