Hi All,
I'm using sssd to authenticate users from AD and generally this works fine. However, I have one server that frequently can't resolve AD users:

    [root@HOST ~]# id aduser@domain.com
    id: aduser@domain.com: no such user

or:

    [aduser@HOST ~]# crontab -l
    crontab: your UID isn't in the passwd file.
    bailing out.

Around that time I see errors like this in the log:

    [sssd[be[domain.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Referral(10), 0000202B: RefErr: DSID-03100781, data 0, 1 access points
        ref 1: 'Domain.com'

After a few minutes it works again.
What puzzles me is that I have 2 other servers with the same config using that same user which don't have any problem.
I'm running sssd-1.16.4-21.el7_7.1 on CentOS Linux release 7.7.1908 (Core).

This is my sssd.conf:

    [sssd]
    debug_level=9
    sbus_timeout = 30
    reconnection_retries = 3
    services = nss, pam
    config_file_version = 2
    domains = domain.com

    [pam]
    debug_level=9
    pam_verbosity = 3
    reconnection_retries = 3

    [nss]
    debug_level=9
    reconnection_retries = 3

    [domain/domain.com]
    debug_level=9
    ad_site = SITE
    use_fully_qualified_names = true
    override_homedir = /home/%u
    dyndns_update = false
    ldap_schema = ad
    id_provider = ad
    ad_enabled_domains = sub.domain.com, domain.com
    ad_gpo_access_control = disabled
    case_sensitive = true
    cache_credentials = true
    min_id = 1000
    ldap_id_mapping = False
    ldap_group_nesting_level = 4
    ldap_user_primary_group = gidNumber
    ad_hostname = host.domain.com
    ignore_group_members = TRUE
    access_provider = simple
    simple_allow_groups = group1@domain.com,group2@sub.domain.com,group3@sub.domain.com

Thank you, Christoph