On 10 Sep 2017, at 16:36, Igor Sever via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
It looks like my problems with AD trust on server side went away when I upgraded to FreeIPA 4.5 using Centos 7.4 packages, but unfortunately this is only half of the way. I have alot of SLES servers 11 and 12, but it looks like SSSD that comes with SLES is not fully featured as RHEL or Centos. Basic authentication is working , but policies are not working because group membership is not available on SLES SSSD client (when checking with id command). Even on SLES 12 SP1 I cannot get it to work. In krb5_child.log I see error: [validate_tgt] (0x0040): sss_extract_and_send_pac failed, group membership for user with principal [******] might not be correct. When I try to enable PAC service starting of SSSD fails and I get: [service_startup_handler] (0x0010): Could not exec /usr/lib/sssd/sssd_pac --debug-to-files, reason: No such file or directory I installed all packages related to SSSD and all dependencies. Is PAC service necessary for group resolution? Is there any other option?
Umm, how old is the sssd there? What version?
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org