Hi We want to run: getent passwd steve2
but we get: (Wed Apr 30 13:02:06 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No matching domain found for [steve2], fail!
This works fine: getent passwd steve2@hh3.site steve2@hh3.site:*:3000021:20513:steve2:/home/users/steve2:/bin/bash
All our rfc2307 are in Samba4 AD Question: Is it possible to drop the domain?
[sssd] services = nss, pam config_file_version = 2 domains = hh3.site [nss] [pam] [domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False
On Wed, Apr 30, 2014 at 01:21:20PM +0200, steve wrote:
Hi We want to run: getent passwd steve2
but we get: (Wed Apr 30 13:02:06 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No matching domain found for [steve2], fail!
This works fine: getent passwd steve2@hh3.site steve2@hh3.site:*:3000021:20513:steve2:/home/users/steve2:/bin/bash
All our rfc2307 are in Samba4 AD Question: Is it possible to drop the domain?
[sssd] services = nss, pam config_file_version = 2 domains = hh3.site [nss] [pam] [domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False
I would expect also 'getent passwd steve2' to work because your config doesn't have 'use_fully_qualified_names' set to True.
Do you have multiple domains in your forest maybe?
Can you most more context from the nss log (including the domains that are tried) ? Feel free to obfuscate any private data.
Can you run: # ldbsearch -H /var/lib/sss/db/cache_hh3.site.ldb and check if the user's 'name' attribute is 'steve2' or 'steve2@hh3.site' ?
On Wed, 2014-04-30 at 14:25 +0200, Jakub Hrozek wrote:
On Wed, Apr 30, 2014 at 01:21:20PM +0200, steve wrote:
Hi We want to run: getent passwd steve2
but we get: (Wed Apr 30 13:02:06 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No matching domain found for [steve2], fail!
This works fine: getent passwd steve2@hh3.site steve2@hh3.site:*:3000021:20513:steve2:/home/users/steve2:/bin/bash
All our rfc2307 are in Samba4 AD Question: Is it possible to drop the domain?
[sssd] services = nss, pam config_file_version = 2 domains = hh3.site [nss] [pam] [domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False
I would expect also 'getent passwd steve2' to work because your config doesn't have 'use_fully_qualified_names' set to True.
Do you have multiple domains in your forest maybe?
Can you most more context from the nss log (including the domains that are tried) ? Feel free to obfuscate any private data.
Can you run: # ldbsearch -H /var/lib/sss/db/cache_hh3.site.ldb and check if the user's 'name' attribute is 'steve2' or 'steve2@hh3.site' ?
Of course. Clear the cache. A long time we've had any trouble with sssd so we'd forgotten.
Thanks for a great ad backend and sorry to have wasted time. Steve
_______________________________________________
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Wed, Apr 30, 2014 at 02:38:23PM +0200, steve wrote:
On Wed, 2014-04-30 at 14:25 +0200, Jakub Hrozek wrote:
On Wed, Apr 30, 2014 at 01:21:20PM +0200, steve wrote:
Hi We want to run: getent passwd steve2
but we get: (Wed Apr 30 13:02:06 2014) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No matching domain found for [steve2], fail!
This works fine: getent passwd steve2@hh3.site steve2@hh3.site:*:3000021:20513:steve2:/home/users/steve2:/bin/bash
All our rfc2307 are in Samba4 AD Question: Is it possible to drop the domain?
[sssd] services = nss, pam config_file_version = 2 domains = hh3.site [nss] [pam] [domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False
I would expect also 'getent passwd steve2' to work because your config doesn't have 'use_fully_qualified_names' set to True.
Do you have multiple domains in your forest maybe?
Can you most more context from the nss log (including the domains that are tried) ? Feel free to obfuscate any private data.
Can you run: # ldbsearch -H /var/lib/sss/db/cache_hh3.site.ldb and check if the user's 'name' attribute is 'steve2' or 'steve2@hh3.site' ?
Of course. Clear the cache. A long time we've had any trouble with sssd so we'd forgotten.
Thanks for a great ad backend and sorry to have wasted time. Steve
Glad it works now and thanks for testing the latest versions!
sssd-users@lists.fedorahosted.org
-
Jakub Hrozek -
steve