Decided to try out 2.2.1 and also gave enumerate a try and got somewhat strange results:
sssd # getent group cjhfj4j_admins:*:145421: ....
No group members ?
getent passwd Only list linux system users and myself Where are the rest of the users ?
Jocke
On Fri, Aug 30, 2019 at 04:07:39PM +0000, Joakim Tjernlund wrote:
Decided to try out 2.2.1 and also gave enumerate a try and got somewhat strange results:
sssd # getent group cjhfj4j_admins:*:145421: ....
No group members ?
getent passwd Only list linux system users and myself Where are the rest of the users ?
Hi,
since we typically recommend to not use enumeration it might not get the required testing. Nevertheless can you send your (sanitized) sssd.conf so that we can try to reproduce the issue?
bye, Sumit
Jocke _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
On Fri, 2019-08-30 at 18:52 +0200, Sumit Bose wrote:
On Fri, Aug 30, 2019 at 04:07:39PM +0000, Joakim Tjernlund wrote:
Decided to try out 2.2.1 and also gave enumerate a try and got somewhat strange results:
sssd # getent group cjhfj4j_admins:*:145421: ....
No group members ?
getent passwd Only list linux system users and myself Where are the rest of the users ?
Hi,
since we typically recommend to not use enumeration it might not get the required testing. Nevertheless can you send your (sanitized) sssd.conf so that we can try to reproduce the issue?
Hi Sumit, here is sanitized sssd.conf
[sssd] config_file_version = 2 domains = xxx.com services = nss, pam #debug_level = 0x0fff
[nss] fallback_homedir = /home/%u default_shell = /bin/bash #debug_level = 0x0fff enum_cache_timeout = 3600 entry_negative_timeout = 300
[pam] #debug_level = 0x0fff
[domain/xxx.com] #debug_level = 0xffff
timeout = 30 ad_maximum_machine_account_password_age = 0
ignore_group_members = false ldap_id_mapping = false cache_credentials = true enumerate = true ldap_enumeration_refresh_timeout = 1800 entry_cache_timeout = 3600 refresh_expired_interval = 2700
id_provider = ad auth_provider = ad access_provider = permit chpass_provider = ad
ad_server = yyy01.xxx.com,yyy02.xxx.com ad_backup_server = byyy01.xxx.com,byyy.xxx.com
dyndns_auth = none dyndns_iface = vpn0, wlan0, eth0 dyndns_update = true dyndns_refresh_interval = 600 dyndns_update_ptr = true dyndns_ttl = 3600 case_sensitive = false
ldap_referrals = false ldap_sasl_mech = GSSAPI ldap_schema = rfc2307bis
ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true
krb5_realm = XXX.COM krb5_canonicalize = true krb5_store_password_if_offline = true krb5_use_kdcinfo = False krb5_renewable_lifetime = 7d krb5_lifetime = 24h krb5_renew_interval = 4h
sssd-users@lists.fedorahosted.org