On Tue, Jun 18, 2019 at 06:57:14PM +0000, Thomas Beaudry wrote:
Hi Guys,
i have 2 Ubuntu 16.04 servers that have their users run by AD. The sssd.conf and output of "realm list" is identical for both servers. However, one of them can't seem to find the AD users, so ssh fails. I tried doing id <user> and getent passwd <user> and it doesn't find them.
Do you know what the issue might be?
Not without logs, see: https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
Thanks,
Thomas
Here is my sssd.conf:
# cat /etc/sssd/sssd.conf [autofs] debug_level=1
[krb5] debug_level=1
[nss] filter_groups = root filter_users = root reconnection_retries = 3
[pam] reconnection_retries = 3 debug_level=1
[sssd] domains = MYDOMAIN.ca config_file_version = 2 services = nss, pam, ssh, autofs debug_level=1
[domain/MYDOMAIN.ca] ad_domain = MYDOMAIN.ca krb5_realm = MYDOMAIN.CA realmd_tags = manages-system joined-with-adcli cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True #use_fully_qualified_names = True override_homedir = /NAS/home/%u fallback_homedir = /home/%u access_provider = simple debug_level=1 ignore_group_members=True simple_allow_groups = perform_hpc
and output of realm list:
# realm list MYDOMAIN.ca type: kerberos realm-name: MYDOMAIN.CA domain-name: MYDOMAIN?.ca configured: kerberos-member server-software: active-directory client-software: sssd required-package: sssd-tools required-package: sssd required-package: libnss-sss required-package: libpam-sss required-package: adcli required-package: samba-common-bin login-formats: %U login-policy: allow-permitted-logins permitted-logins: permitted-groups:
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...