On 03/20/2015 08:56 PM, McEvoy, James wrote:

When I look at the password entries for my rfc2307 account in Active directory I get three different answers.

The only correct one is on a server where I used sssd to join AD directly ( the last one ). Do I need to configure

rfc2307? When I configured the server to join AD directly I use the option --enablerfc2307bis when I run authconfig.

from a freeipa client:

$ getent passwd jemce...@enas.net


from the ipa server:

[root@ipa ~]# getent passwd jemce...@enas.net

jemce...@enas.net:*:10001:10004:James McEvoy:/home/enas.net/jemcevoy:/bin/bash

from a server that joined AD directly using sssd:

$ getent passwd jemce...@enas.net

jemcevoy:*:10001:10004:James McEvoy:/home/jemcevoy:/bin/bash


Let us step back.
What versions of the server and of the client and on what platforms?

When you set trust, how did you set it?
It might be that IPA server did not detect that you have Posix extensions in AD. There is some heuristics involved so probably you should use explicit parameters to tell IPA whether you have posix in AD or not.

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to