> When you changed idrange, it helps to remove SSSD cache, both on IPA
> master and IPA clients and restart SSSD.

OK, I cleared the cache and restarted sssd with:

sss_cache -E
systemctl restart sssd

Still no change in the error: Could not convert objectSID 
[S-1-5-21-1983215674-46037090-646806464-245906] to a UNIX ID

FWIW, here's my sssd.conf:

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = csns.middlebury.edu
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = genet.csns.middlebury.edu
chpass_provider = ipa
ipa_server = genet.csns.middlebury.edu
ipa_server_mode = True
ldap_tls_cacert = /etc/ipa/ca.crt

id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
debug_level = 10

services = nss, sudo, pam, ssh
config_file_version = 2
domains = middlebury.edu,csns.middlebury.edu
debug_level = 10

homedir_substring = /home




#debug_level = 10



This is RHEL 7 running sssd-1.12.2 and ipa-server-4.1.0.

Thanks for any suggestions.

David Guertin
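
An added example, not part of the original message: a simplified model of how a range-based lookup turns the objectSID from the error above into a UNIX ID, or fails when the RID falls outside every range defined for that domain. The message does not state the actual idrange, so both ranges below are constructed assumptions, and the function and class names are hypothetical.

```python
from typing import Iterable, NamedTuple, Optional, Tuple


class IdRange(NamedTuple):
    """One ID range for a trusted domain (hypothetical model)."""
    name: str
    domain_sid: str  # SID of the trusted domain, without the RID
    base_id: int     # first UNIX ID of the range
    base_rid: int    # first RID covered by the range
    size: int        # number of IDs in the range


def split_sid(sid: str) -> Tuple[str, int]:
    """Split a domain account SID into (domain SID, RID)."""
    parts = sid.strip("[]").split("-")
    if len(parts) < 5 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a valid SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def sid_to_unix_id(sid: str, ranges: Iterable[IdRange]) -> Optional[int]:
    """Return the mapped UNIX ID, or None when no range covers the RID."""
    domain_sid, rid = split_sid(sid)
    for r in ranges:
        if r.domain_sid != domain_sid:
            continue  # range belongs to a different domain
        if r.base_rid <= rid < r.base_rid + r.size:
            return r.base_id + (rid - r.base_rid)
    return None  # the "could not convert" case


# SID taken from the error message in this thread.
SID = "S-1-5-21-1983215674-46037090-646806464-245906"
DOMAIN_SID = "S-1-5-21-1983215674-46037090-646806464"

# Constructed ranges (assumptions, not the poster's real configuration).
SMALL = IdRange("constructed_small", DOMAIN_SID, 1_000_000, 0, 200_000)
LARGE = IdRange("constructed_large", DOMAIN_SID, 1_000_000, 0, 500_000)

if __name__ == "__main__":
    for rng in (SMALL, LARGE):
        uid = sid_to_unix_id(SID, [rng])
        print(f"{rng.name}: size={rng.size} ->",
              uid if uid is not None else "no mapping (RID outside range)")
```

Comparing the RID (the last SID component) with the base RID and size shown by `ipa idrange-find` is the equivalent check on a real deployment.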
