Hi,
I try to configure a client that is a member of the Active Directory domain s2dom.d1dom.dom.example.com which is a subdomain of d1dom.dom.example.com which itself is a subdomain of dom.example.com. Now I try to log in with users from user@dom.example.com and user1@s2dom.d1dom.dom.example.com. The last one works without problems. But I'm not able to get a user@dom.example.com working.
my sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = s2dom.d1dom.dom.example.com

[nss]
default_shell=/bin/bash
override_homedir = /home/%u

[pam]

[domain/s2dom.d1dom.dom.example.com]
id_provider = ad
access_provider = ad
ldap_schema = ad
ldap_id_mapping=true
ldap_idmap_range_min=1000000
ldap_idmap_range_max=2000000
ldap_idmap_range_size=1000000
use_fully_qualified_names = true

Regards,
Andreas
On Fri, Oct 20, 2017 at 09:39:10PM +0200, Andreas Hauffe wrote:
> Hi,
> I try to configure a client that is a member of the Active Directory domain s2dom.d1dom.dom.example.com which is a subdomain of d1dom.dom.example.com which itself is a subdomain of dom.example.com. Now I try to log in with users from user@dom.example.com and user1@s2dom.d1dom.dom.example.com. The last one works without problems. But I'm not able to get a user@dom.example.com working.
> my sssd.conf
> [sssd]
> services = nss, pam
> config_file_version = 2
> domains = s2dom.d1dom.dom.example.com
>
> [nss]
> default_shell=/bin/bash
> override_homedir = /home/%u
>
> [pam]
>
> [domain/s2dom.d1dom.dom.example.com]
> id_provider = ad
> access_provider = ad
> ldap_schema = ad
> ldap_id_mapping=true
> ldap_idmap_range_min=1000000
> ldap_idmap_range_max=2000000
> ldap_idmap_range_size=1000000
> use_fully_qualified_names = true

Logs are needed, see https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html, but as general advice I would recommend against touching any of the idmap range parameters unless you are running a very old (1.12 or older) release of sssd.
sssd-users@lists.fedorahosted.org
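
On the idmap range parameters mentioned in the reply, an added example (not part of the thread and not SSSD code): SSSD divides the range between ldap_idmap_range_min and ldap_idmap_range_max into slices of ldap_idmap_range_size, and every ID-mapped domain needs a slice of its own. The check below counts the slices a configuration leaves; the function names are hypothetical, the sample input is the posted sssd.conf trimmed to the relevant options, and the defaults are those documented in sssd-ldap(5).

```python
import configparser

# sssd-ldap(5) defaults for the ID-mapping range options.
DEFAULTS = {
    "ldap_idmap_range_min": 200000,
    "ldap_idmap_range_max": 2000200000,
    "ldap_idmap_range_size": 200000,
}

# Sample input: the sssd.conf from the thread, trimmed to the relevant options.
SAMPLE_CONF = """
[nss]
override_homedir = /home/%u

[domain/s2dom.d1dom.dom.example.com]
id_provider = ad
ldap_id_mapping = true
ldap_idmap_range_min = 1000000
ldap_idmap_range_max = 2000000
ldap_idmap_range_size = 1000000
"""


def idmap_slices(conf_text):
    """Map each ID-mapping domain section to the number of slices its range holds."""
    cp = configparser.ConfigParser(interpolation=None)  # keep "%u" literal
    cp.read_string(conf_text)
    result = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        opts = cp[section]
        # ID mapping is on by default only for the AD provider.
        mapped = opts.getboolean("ldap_id_mapping",
                                 fallback=opts.get("id_provider") == "ad")
        if not mapped:
            continue
        rng = {k: opts.getint(k, fallback=v) for k, v in DEFAULTS.items()}
        span = rng["ldap_idmap_range_max"] - rng["ldap_idmap_range_min"]
        # Only complete slices count; each mapped domain needs one.
        result[section[len("domain/"):]] = span // rng["ldap_idmap_range_size"]
    return result


def short_of_slices(conf_text, domain_count):
    """Return the domains whose range cannot hold `domain_count` domains."""
    return [d for d, n in idmap_slices(conf_text).items() if n < domain_count]
```

With the posted values the range holds one slice, while the post names three domains in the forest; the same section without the three range options yields 10000 slices.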