Hi,
I'm using sssd for the first time and I'm seeing these errors in the auth.log file:
Aug 5 15:30:07 ***** sssd_be: canonuserfunc error -7 Aug 5 15:30:07 ***** sssd_be: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
I've Googled for a solution but haven't found one.
I'm using Ubuntu 12.04LTS with sssd - 1.8.6.
Any help is appreciated.
Cheers,
T.
On 05/08/13 16:53, Terry Arter wrote:
Hi,
I'm using sssd for the first time and I'm seeing these errors in the auth.log file:
Aug 5 15:30:07 ***** sssd_be: canonuserfunc error -7 Aug 5 15:30:07 ***** sssd_be: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
I've Googled for a solution but haven't found one.
I'm using Ubuntu 12.04LTS with sssd - 1.8.6.
Any help is appreciated.
Cheers,
T. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
You could try updating sssd from the sssd ppa:
nano /etc/apt/sources.list
Add:
deb http://ppa.launchpad.net/sssd/updates/ubuntu precise main deb-src http://ppa.launchpad.net/sssd/updates/ubuntu precise main
# Add the key gpg --keyserver subkeys.pgp.net --recv B9BF7660CA45F42B
gpg --export --armor CA45F42B | sudo apt-key add -
apt-get update apt-get upgrade
You should end up with version 1.9.5
Hi Rowland,
Thanks for the quick answer. I updated the computer and it made matters worst :)
When doing: service sssd restart, I now get this error every few seconds. Before I would only see four of those errors.
Cheers,
T.
On 05/08/13 17:12, Rowland Penny wrote:
On 05/08/13 16:53, Terry Arter wrote:
Hi,
I'm using sssd for the first time and I'm seeing these errors in the auth.log file:
Aug 5 15:30:07 ***** sssd_be: canonuserfunc error -7 Aug 5 15:30:07 ***** sssd_be: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
I've Googled for a solution but haven't found one.
I'm using Ubuntu 12.04LTS with sssd - 1.8.6.
Any help is appreciated.
Cheers,
T. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
You could try updating sssd from the sssd ppa:
nano /etc/apt/sources.list
Add:
deb http://ppa.launchpad.net/sssd/updates/ubuntu precise main deb-src http://ppa.launchpad.net/sssd/updates/ubuntu precise main
# Add the key gpg --keyserver subkeys.pgp.net --recv B9BF7660CA45F42B
gpg --export --armor CA45F42B | sudo apt-key add -
apt-get update apt-get upgrade
You should end up with version 1.9.5 _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On 06/08/13 16:59, Terry Arter wrote:
Hi Rowland,
Thanks for the quick answer. I updated the computer and it made matters worst :)
When doing: service sssd restart, I now get this error every few seconds. Before I would only see four of those errors.
Cheers,
T.
On 05/08/13 17:12, Rowland Penny wrote:
On 05/08/13 16:53, Terry Arter wrote:
Hi,
I'm using sssd for the first time and I'm seeing these errors in the auth.log file:
Aug 5 15:30:07 ***** sssd_be: canonuserfunc error -7 Aug 5 15:30:07 ***** sssd_be: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
I've Googled for a solution but haven't found one.
I'm using Ubuntu 12.04LTS with sssd - 1.8.6.
Any help is appreciated.
Cheers,
T. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
You could try updating sssd from the sssd ppa:
nano /etc/apt/sources.list
Add:
deb http://ppa.launchpad.net/sssd/updates/ubuntu precise main deb-src http://ppa.launchpad.net/sssd/updates/ubuntu precise main
# Add the key gpg --keyserver subkeys.pgp.net --recv B9BF7660CA45F42B
gpg --export --armor CA45F42B | sudo apt-key add -
apt-get update apt-get upgrade
You should end up with version 1.9.5
OK, I have checked my /var/log/auth.log and sssd is not mentioned at all, could you please post your sssd.conf file
Rowland
On Tue, Aug 06, 2013 at 05:07:40PM +0100, Rowland Penny wrote:
On 06/08/13 16:59, Terry Arter wrote:
Hi Rowland,
Thanks for the quick answer. I updated the computer and it made matters worst :)
When doing: service sssd restart, I now get this error every few seconds. Before I would only see four of those errors.
Cheers,
T.
On 05/08/13 17:12, Rowland Penny wrote:
On 05/08/13 16:53, Terry Arter wrote:
Hi,
I'm using sssd for the first time and I'm seeing these errors in the auth.log file:
Aug 5 15:30:07 ***** sssd_be: canonuserfunc error -7 Aug 5 15:30:07 ***** sssd_be: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
I've Googled for a solution but haven't found one.
I'm using Ubuntu 12.04LTS with sssd - 1.8.6.
Any help is appreciated.
Cheers,
T. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
You could try updating sssd from the sssd ppa:
nano /etc/apt/sources.list
Add:
deb http://ppa.launchpad.net/sssd/updates/ubuntu precise main deb-src http://ppa.launchpad.net/sssd/updates/ubuntu precise main
# Add the key gpg --keyserver subkeys.pgp.net --recv B9BF7660CA45F42B
gpg --export --armor CA45F42B | sudo apt-key add -
apt-get update apt-get upgrade
You should end up with version 1.9.5
OK, I have checked my /var/log/auth.log and sssd is not mentioned at all, could you please post your sssd.conf file
Rowland
This sounds to me like some kind of build error. Timo, are you aware of any such reports in Ubuntu?
On 06.08.2013 19:30, Jakub Hrozek wrote:
On Tue, Aug 06, 2013 at 05:07:40PM +0100, Rowland Penny wrote:
On 06/08/13 16:59, Terry Arter wrote:
Hi Rowland,
Thanks for the quick answer. I updated the computer and it made matters worst :)
When doing: service sssd restart, I now get this error every few seconds. Before I would only see four of those errors.
Cheers,
T.
On 05/08/13 17:12, Rowland Penny wrote:
On 05/08/13 16:53, Terry Arter wrote:
Hi,
I'm using sssd for the first time and I'm seeing these errors in the auth.log file:
Aug 5 15:30:07 ***** sssd_be: canonuserfunc error -7 Aug 5 15:30:07 ***** sssd_be: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
I've Googled for a solution but haven't found one.
I'm using Ubuntu 12.04LTS with sssd - 1.8.6.
Any help is appreciated.
Cheers,
T. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
You could try updating sssd from the sssd ppa:
nano /etc/apt/sources.list
Add:
deb http://ppa.launchpad.net/sssd/updates/ubuntu precise main deb-src http://ppa.launchpad.net/sssd/updates/ubuntu precise main
# Add the key gpg --keyserver subkeys.pgp.net --recv B9BF7660CA45F42B
gpg --export --armor CA45F42B | sudo apt-key add -
apt-get update apt-get upgrade
You should end up with version 1.9.5
OK, I have checked my /var/log/auth.log and sssd is not mentioned at all, could you please post your sssd.conf file
Rowland
This sounds to me like some kind of build error. Timo, are you aware of any such reports in Ubuntu?
no, this is the first time.. Build log looks fine to me too, so dunno what's going on.
On 07/08/13 11:06, Timo Aaltonen wrote:
On 06.08.2013 19:30, Jakub Hrozek wrote:
On Tue, Aug 06, 2013 at 05:07:40PM +0100, Rowland Penny wrote:
On 06/08/13 16:59, Terry Arter wrote:
Hi Rowland,
Thanks for the quick answer. I updated the computer and it made matters worst :)
When doing: service sssd restart, I now get this error every few seconds. Before I would only see four of those errors.
Cheers,
T.
On 05/08/13 17:12, Rowland Penny wrote:
On 05/08/13 16:53, Terry Arter wrote:
Hi,
I'm using sssd for the first time and I'm seeing these errors in the auth.log file:
Aug 5 15:30:07 ***** sssd_be: canonuserfunc error -7 Aug 5 15:30:07 ***** sssd_be: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
I've Googled for a solution but haven't found one.
I'm using Ubuntu 12.04LTS with sssd - 1.8.6.
Any help is appreciated.
Cheers,
T. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
You could try updating sssd from the sssd ppa:
nano /etc/apt/sources.list
Add:
deb http://ppa.launchpad.net/sssd/updates/ubuntu precise main deb-src http://ppa.launchpad.net/sssd/updates/ubuntu precise main
# Add the key gpg --keyserver subkeys.pgp.net --recv B9BF7660CA45F42B
gpg --export --armor CA45F42B | sudo apt-key add -
apt-get update apt-get upgrade
You should end up with version 1.9.5
OK, I have checked my /var/log/auth.log and sssd is not mentioned at all, could you please post your sssd.conf file
Rowland
This sounds to me like some kind of build error. Timo, are you aware of any such reports in Ubuntu?
no, this is the first time.. Build log looks fine to me too, so dunno what's going on.
Hi, all I can say is that it works for me and as I said I get no messages in auth.log from sssd, any messages end up in the logs in /var/log/sssd.
I can only assume that the OP has set sssd up incorrectly, that is why I asked him to post his conf file.
Also, whilst Timo is listening, is there any chance of the latest version in the ppa?
Rowland
Rowland,
I agree with you that I've messed something up somewhere :)
Config file is below.
Cheers,
T.
[sssd] config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 services = nss, pam domains = *FQDN* debug_level = 0x1310
[nss] reconnection_retries = 3 debug_level = 0x1310
[pam] reconnection_retries = 3 pam_verbosity = 3 debug_level = 0x1310
[domain/*FQDN*] description = LDAP domain with AD server enumerate = true min_id = 500 id_provider = ldap auth_provider = krb5 chpass_provider = none debug_level = 0x1310
dns_discovery_domain = *fqdn* krb5_realm = *FQDN* krb5_server = *ip address* krb5_canonicalize = false
ldap_uri = ldap://*ip address*
ldap_schema = rfc2307bis ldap_sasl_mech = GSSAPI
ldap_user_search_base = OU=Domain Users,DC=... ldap_user_object_class = user ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_name = sAMAccountName ldap_user_modify_timestamp = whenChanged ldap_user_ad_account_expires = userAccountControl
ldap_group_search_base = OU=Domain Groups,DC=... ldap_group_object_class = group
ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true ldap_disable_referrals = true
On 07/08/13 11:32, Rowland Penny wrote:
On 07/08/13 11:06, Timo Aaltonen wrote:
On 06.08.2013 19:30, Jakub Hrozek wrote:
On Tue, Aug 06, 2013 at 05:07:40PM +0100, Rowland Penny wrote:
On 06/08/13 16:59, Terry Arter wrote:
Hi Rowland,
Thanks for the quick answer. I updated the computer and it made matters worst :)
When doing: service sssd restart, I now get this error every few seconds. Before I would only see four of those errors.
Cheers,
T.
On 05/08/13 17:12, Rowland Penny wrote:
On 05/08/13 16:53, Terry Arter wrote: > Hi, > > I'm using sssd for the first time and I'm seeing these errors in > the auth.log file: > > Aug 5 15:30:07 ***** sssd_be: canonuserfunc error -7 > Aug 5 15:30:07 ***** sssd_be: _sasl_plugin_load failed on > sasl_canonuser_init for plugin: ldapdb > > I've Googled for a solution but haven't found one. > > I'm using Ubuntu 12.04LTS with sssd - 1.8.6. > > Any help is appreciated. > > Cheers, > > T. > _______________________________________________ > sssd-users mailing list > sssd-users@lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/sssd-users You could try updating sssd from the sssd ppa:
nano /etc/apt/sources.list
Add:
deb http://ppa.launchpad.net/sssd/updates/ubuntu precise main deb-src http://ppa.launchpad.net/sssd/updates/ubuntu precise main
# Add the key gpg --keyserver subkeys.pgp.net --recv B9BF7660CA45F42B
gpg --export --armor CA45F42B | sudo apt-key add -
apt-get update apt-get upgrade
You should end up with version 1.9.5
OK, I have checked my /var/log/auth.log and sssd is not mentioned at all, could you please post your sssd.conf file
Rowland
This sounds to me like some kind of build error. Timo, are you aware of any such reports in Ubuntu?
no, this is the first time.. Build log looks fine to me too, so dunno what's going on.
Hi, all I can say is that it works for me and as I said I get no messages in auth.log from sssd, any messages end up in the logs in /var/log/sssd.
I can only assume that the OP has set sssd up incorrectly, that is why I asked him to post his conf file.
Also, whilst Timo is listening, is there any chance of the latest version in the ppa?
Rowland
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On 07/08/13 11:54, Terry Arter wrote:
Rowland,
I agree with you that I've messed something up somewhere :)
Config file is below.
Cheers,
T.
[sssd] config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 services = nss, pam domains = *FQDN* debug_level = 0x1310
[nss] reconnection_retries = 3 debug_level = 0x1310
[pam] reconnection_retries = 3 pam_verbosity = 3 debug_level = 0x1310
[domain/*FQDN*] description = LDAP domain with AD server enumerate = true min_id = 500 id_provider = ldap auth_provider = krb5 chpass_provider = none debug_level = 0x1310
dns_discovery_domain = *fqdn* krb5_realm = *FQDN* krb5_server = *ip address* krb5_canonicalize = false
ldap_uri = ldap://*ip address*
ldap_schema = rfc2307bis ldap_sasl_mech = GSSAPI
ldap_user_search_base = OU=Domain Users,DC=... ldap_user_object_class = user ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_name = sAMAccountName ldap_user_modify_timestamp = whenChanged ldap_user_ad_account_expires = userAccountControl
ldap_group_search_base = OU=Domain Groups,DC=... ldap_group_object_class = group
ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true ldap_disable_referrals = true
On 07/08/13 11:32, Rowland Penny wrote:
On 07/08/13 11:06, Timo Aaltonen wrote:
On 06.08.2013 19:30, Jakub Hrozek wrote:
On Tue, Aug 06, 2013 at 05:07:40PM +0100, Rowland Penny wrote:
On 06/08/13 16:59, Terry Arter wrote:
Hi Rowland,
Thanks for the quick answer. I updated the computer and it made matters worst :)
When doing: service sssd restart, I now get this error every few seconds. Before I would only see four of those errors.
Cheers,
T.
On 05/08/13 17:12, Rowland Penny wrote: > On 05/08/13 16:53, Terry Arter wrote: >> Hi, >> >> I'm using sssd for the first time and I'm seeing these errors in >> the auth.log file: >> >> Aug 5 15:30:07 ***** sssd_be: canonuserfunc error -7 >> Aug 5 15:30:07 ***** sssd_be: _sasl_plugin_load failed on >> sasl_canonuser_init for plugin: ldapdb >> >> I've Googled for a solution but haven't found one. >> >> I'm using Ubuntu 12.04LTS with sssd - 1.8.6. >> >> Any help is appreciated. >> >> Cheers, >> >> T. >> _______________________________________________ >> sssd-users mailing list >> sssd-users@lists.fedorahosted.org >> https://lists.fedorahosted.org/mailman/listinfo/sssd-users > You could try updating sssd from the sssd ppa: > > nano /etc/apt/sources.list > > Add: > > deb http://ppa.launchpad.net/sssd/updates/ubuntu precise main > deb-src http://ppa.launchpad.net/sssd/updates/ubuntu precise main > > # Add the key > gpg --keyserver subkeys.pgp.net --recv B9BF7660CA45F42B > > gpg --export --armor CA45F42B | sudo apt-key add - > > apt-get update > apt-get upgrade > > You should end up with version 1.9.5 >
OK, I have checked my /var/log/auth.log and sssd is not mentioned at all, could you please post your sssd.conf file
Rowland
This sounds to me like some kind of build error. Timo, are you aware of any such reports in Ubuntu?
no, this is the first time.. Build log looks fine to me too, so dunno what's going on.
Hi, all I can say is that it works for me and as I said I get no messages in auth.log from sssd, any messages end up in the logs in /var/log/sssd.
I can only assume that the OP has set sssd up incorrectly, that is why I asked him to post his conf file.
Also, whilst Timo is listening, is there any chance of the latest version in the ppa?
Rowland
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, I use this sssd.conf against a samba4 AD server, with the correct RFC2307 attributes in the database, it is working.
[sssd] config_file_version = 2 domains = example.com services = nss, pam
[nss]
[pam]
[domain/example.com] description = AD domain with Samba 4 server cache_credentials = true enumerate = true id_provider = ldap auth_provider = krb5 chpass_provider = krb5 access_provider = ldap
krb5_server = samba4server.example.com krb5_kpasswd = samba4server.example.com krb5_realm = example.com
ldap_referrals = false ldap_sasl_mech = GSSAPI ldap_schema = rfc2307bis ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true
ldap_user_object_class = user ldap_user_name = sAMAccountName ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName
ldap_group_object_class = group ldap_group_name = sAMAccountName
I notice that your users are in a different OU than mine, mine are in CN=Users,DC=example,DC=com, but I do not think this has anything to do with your problem.
What OS is your AD server running?
Rowland
Rowland,
The server OS is Ubuntu with samba 4.0.7.
However, using your config file as a base I was able to narrow down the error. It seems that "ldap_disable_referrals = true" was the problem line. I replaced this with "ldap_referrals = false".
Now I get the error once when restarting the sssd service, but I'm able to logon to the client and authenticate against samba4.
Many thanks for your help.
Cheers,
T.
On 07/08/13 14:04, Rowland Penny wrote:
On 07/08/13 11:54, Terry Arter wrote:
Rowland,
I agree with you that I've messed something up somewhere :)
Config file is below.
Cheers,
T.
[sssd] config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 services = nss, pam domains = *FQDN* debug_level = 0x1310
[nss] reconnection_retries = 3 debug_level = 0x1310
[pam] reconnection_retries = 3 pam_verbosity = 3 debug_level = 0x1310
[domain/*FQDN*] description = LDAP domain with AD server enumerate = true min_id = 500 id_provider = ldap auth_provider = krb5 chpass_provider = none debug_level = 0x1310
dns_discovery_domain = *fqdn* krb5_realm = *FQDN* krb5_server = *ip address* krb5_canonicalize = false
ldap_uri = ldap://*ip address*
ldap_schema = rfc2307bis ldap_sasl_mech = GSSAPI
ldap_user_search_base = OU=Domain Users,DC=... ldap_user_object_class = user ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_name = sAMAccountName ldap_user_modify_timestamp = whenChanged ldap_user_ad_account_expires = userAccountControl
ldap_group_search_base = OU=Domain Groups,DC=... ldap_group_object_class = group
ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true ldap_disable_referrals = true
On 07/08/13 11:32, Rowland Penny wrote:
On 07/08/13 11:06, Timo Aaltonen wrote:
On 06.08.2013 19:30, Jakub Hrozek wrote:
On Tue, Aug 06, 2013 at 05:07:40PM +0100, Rowland Penny wrote:
On 06/08/13 16:59, Terry Arter wrote: > Hi Rowland, > > Thanks for the quick answer. I updated the computer and it made > matters worst :) > > When doing: service sssd restart, I now get this error every few > seconds. Before > I would only see four of those errors. > > Cheers, > > T. > > > On 05/08/13 17:12, Rowland Penny wrote: >> On 05/08/13 16:53, Terry Arter wrote: >>> Hi, >>> >>> I'm using sssd for the first time and I'm seeing these errors in >>> the auth.log file: >>> >>> Aug 5 15:30:07 ***** sssd_be: canonuserfunc error -7 >>> Aug 5 15:30:07 ***** sssd_be: _sasl_plugin_load failed on >>> sasl_canonuser_init for plugin: ldapdb >>> >>> I've Googled for a solution but haven't found one. >>> >>> I'm using Ubuntu 12.04LTS with sssd - 1.8.6. >>> >>> Any help is appreciated. >>> >>> Cheers, >>> >>> T. >>> _______________________________________________ >>> sssd-users mailing list >>> sssd-users@lists.fedorahosted.org >>> https://lists.fedorahosted.org/mailman/listinfo/sssd-users >> You could try updating sssd from the sssd ppa: >> >> nano /etc/apt/sources.list >> >> Add: >> >> deb http://ppa.launchpad.net/sssd/updates/ubuntu precise main >> deb-src http://ppa.launchpad.net/sssd/updates/ubuntu precise main >> >> # Add the key >> gpg --keyserver subkeys.pgp.net --recv B9BF7660CA45F42B >> >> gpg --export --armor CA45F42B | sudo apt-key add - >> >> apt-get update >> apt-get upgrade >> >> You should end up with version 1.9.5 >> OK, I have checked my /var/log/auth.log and sssd is not mentioned at all, could you please post your sssd.conf file
Rowland
This sounds to me like some kind of build error. Timo, are you aware of any such reports in Ubuntu?
no, this is the first time.. Build log looks fine to me too, so dunno what's going on.
Hi, all I can say is that it works for me and as I said I get no messages in auth.log from sssd, any messages end up in the logs in /var/log/sssd.
I can only assume that the OP has set sssd up incorrectly, that is why I asked him to post his conf file.
Also, whilst Timo is listening, is there any chance of the latest version in the ppa?
Rowland
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
OK, I use this sssd.conf against a samba4 AD server, with the correct RFC2307 attributes in the database, it is working.
[sssd] config_file_version = 2 domains = example.com services = nss, pam
[nss]
[pam]
[domain/example.com] description = AD domain with Samba 4 server cache_credentials = true enumerate = true id_provider = ldap auth_provider = krb5 chpass_provider = krb5 access_provider = ldap
krb5_server = samba4server.example.com krb5_kpasswd = samba4server.example.com krb5_realm = example.com
ldap_referrals = false ldap_sasl_mech = GSSAPI ldap_schema = rfc2307bis ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true
ldap_user_object_class = user ldap_user_name = sAMAccountName ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName
ldap_group_object_class = group ldap_group_name = sAMAccountName
I notice that your users are in a different OU than mine, mine are in CN=Users,DC=example,DC=com, but I do not think this has anything to do with your problem.
What OS is your AD server running?
Rowland
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Thu, Aug 08, 2013 at 12:50:41PM +0100, Terry Arter wrote:
Rowland,
The server OS is Ubuntu with samba 4.0.7.
However, using your config file as a base I was able to narrow down the error. It seems that "ldap_disable_referrals = true" was the problem line. I replaced this with "ldap_referrals = false".
Now I get the error once when restarting the sssd service, but I'm able to logon to the client and authenticate against samba4.
Many thanks for your help.
Cheers,
T.
Right, disabling referrals is recommended when configuring SSSD with AD and S4 should act just like AD, so the same applies...
I still have no idea why you saw that error message, though.
sssd-users@lists.fedorahosted.org