Let's get this straight: you have a user called 'root' in /etc/passwd
and another user called 'root' in AD, is this correct?
You should name your central user something else. SSSD will deliberately
not authenticate root because root should be authenticated by pam_unix.
Hi, how about deleting the user called root in AD, choosing another domain user called adroot. Then use: username map = /some/file to make adroot map to root in /some/file?
adroot is now a domain user with uid 0
Possibly one can do that, but this is just a bad workaround for a bad assumption in SSSD, namely that there cannot be any system out there who would like to auth "root" with SSSD.
Jocke
PS. Keep me on CC
On Fri, 26 Sep 2014, Joakim Tjernlund wrote:
Possibly one can do that, but this is just a bad workaround for a bad assumption in SSSD, namely that there cannot be any system out there who would like to auth "root" with SSSD.
You're a corner case that goes against normal practice, so any workaround is fine, however grim. You can use .k5login/ssh keys/sudo and get to a better place than you're aiming for with this solution, and you don't have to modify sssd and pam to work in non-standard, and most likely non-LSB compliant, ways to make it work.
jh
sssd-users@lists.fedorahosted.org