Hi,
that's actually what we tried:
[sssd] domains = fsmpi.rwth-aachen.de config_file_version = 2 services = nss, pam
[pam] offline_credentials_expiration = 1 offline_failed_login_attempts = 3 offline_failed_login_delay = 0
[domain/fsmpi.rwth-aachen.de] ad_domain = fsmpi.rwth-aachen.de krb5_realm = FSMPI.RWTH-AACHEN.DE realmd_tags = manages-system joined-with-adcli cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = False use_fully_qualified_names = False fallback_homedir = /home/%u access_provider = ad enumerate = true ldap_user_fullname = displayName krb5_lifetime = 48h krb5_renewable_lifetime = 200h krb5_renew_interval = 30m ad_gpo_access_control = disabled ad_enable_gc = false ldap_search_base = dc=fsmpi,dc=rwth-aachen,dc=de?subtree?(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Do you know what we did wrong?
Best regards Rikus