Hi Guys,
i have 2 Ubuntu 16.04 servers that have their users run by AD. The sssd.conf and output of "realm list" is identical for both servers. However, one of them can't seem to find the AD users, so ssh fails. I tried doing id <user> and getent passwd <user> and it doesn't find them.
Do you know what the issue might be?
Thanks,
Thomas
Here is my sssd.conf:
# cat /etc/sssd/sssd.conf [autofs] debug_level=1
[krb5] debug_level=1
[nss] filter_groups = root filter_users = root reconnection_retries = 3
[pam] reconnection_retries = 3 debug_level=1
[sssd] domains = MYDOMAIN.ca config_file_version = 2 services = nss, pam, ssh, autofs debug_level=1
[domain/MYDOMAIN.ca] ad_domain = MYDOMAIN.ca krb5_realm = MYDOMAIN.CA realmd_tags = manages-system joined-with-adcli cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True #use_fully_qualified_names = True override_homedir = /NAS/home/%u fallback_homedir = /home/%u access_provider = simple debug_level=1 ignore_group_members=True simple_allow_groups = perform_hpc
and output of realm list:
# realm list MYDOMAIN.ca type: kerberos realm-name: MYDOMAIN.CA domain-name: MYDOMAIN?.ca configured: kerberos-member server-software: active-directory client-software: sssd required-package: sssd-tools required-package: sssd required-package: libnss-sss required-package: libpam-sss required-package: adcli required-package: samba-common-bin login-formats: %U login-policy: allow-permitted-logins permitted-logins: permitted-groups: