[SSSD-users] Re: ldap_id_mapping=False then AD user's password not availabe

2020-02-07 Thread James Cassell

On Thu, Feb 6, 2020, at 9:13 PM, Grant Longhurst wrote:
>  
> Out of interest, how did you solve it, as I have the same issue?
> 

I don't see the referenced mail since you didn't quote it, but usually you 
need both a uidNumber and gidNumber defined for each user to work everywhere, 
including older sssd versions, if you're using the ldap_id_mapping=False setting.


V/r,
James Cassell
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
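
Added example (not part of the original thread): a shell check for the requirement James and Sumit describe, that with ldap_id_mapping=False every AD user needs both uidNumber and gidNumber. It reads LDIF such as ldapsearch returns; the sample entries, the server name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: find AD users that SSSD cannot
# resolve when ldap_id_mapping = False because POSIX attributes are missing.
# Real input would be LDIF from a query such as (server and base are placeholders):
#   ldapsearch -Y GSSAPI -H ldap://dc.example.com -b "dc=example,dc=com" \
#     "(objectClass=user)" sAMAccountName uidNumber gidNumber

# check_posix_attrs: read LDIF on stdin, print one line per entry lacking a
# numeric uidNumber and/or gidNumber; return 1 if any entry is incomplete.
check_posix_attrs() {
    awk '
        function report(   miss) {
            if (!seen) return
            if (!uid) miss = miss " uidNumber"
            if (!gid) miss = miss " gidNumber"
            if (miss != "") { print name ": missing" miss; bad = 1 }
            seen = 0; uid = 0; gid = 0
        }
        /^dn:/       { report(); seen = 1; name = $2; next }
        /^[ \t]*$/   { report(); next }   # a blank line ends an LDIF entry
        { key = tolower($1) }
        key == "samaccountname:"               { name = $2 }
        key == "uidnumber:" && $2 ~ /^[0-9]+$/ { uid = 1 }
        key == "gidnumber:" && $2 ~ /^[0-9]+$/ { gid = 1 }
        END { report(); exit bad + 0 }
    '
}

# Constructed sample data: alice is complete, bob and carol are not.
sample_ldif() {
    cat <<'EOF'
dn: CN=alice,CN=Users,DC=example,DC=com
sAMAccountName: alice
uidNumber: 10001
gidNumber: 10000

dn: CN=bob,CN=Users,DC=example,DC=com
sAMAccountName: bob
uidNumber: 10002

dn: CN=carol,CN=Users,DC=example,DC=com
sAMAccountName: carol
EOF
}

sample_ldif | check_posix_attrs || echo "incomplete entries: add the attributes in AD first"
```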


[SSSD-users] Re: ldap_id_mapping=False then AD user's password not availabe

2020-02-06 Thread Grant Longhurst
Out of interest, how did you solve it, as I have the same issue?



[SSSD-users] Re: ldap_id_mapping=False then AD user's password not availabe

2019-03-10 Thread CharlesLee
Thanks Jakub, I solved my problem.


[SSSD-users] Re: ldap_id_mapping=False then AD user's password not availabe

2019-02-18 Thread Jakub Hrozek
On Mon, Feb 18, 2019 at 03:21:55PM -, CharlesLee  wrote:
> Hi Jakub,
> 
> Yes, I did rm -rf /var/lib/sss/db/* after turning off ldap_id_mapping.
> In Linux, the AD user can have a uidNumber, but the AD user's password was 
> invalid in Linux.

Then please follow the debugging steps:
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html


[SSSD-users] Re: ldap_id_mapping=False then AD user's password not availabe

2019-02-18 Thread CharlesLee
Hi Jakub,

Yes, I did rm -rf /var/lib/sss/db/* after turning off ldap_id_mapping.
In Linux, the AD user can have a uidNumber, but the AD user's password was 
invalid in Linux.


Thanks for your reply.


[SSSD-users] Re: ldap_id_mapping=False then AD user's password not availabe

2019-02-18 Thread Jakub Hrozek
On Fri, Feb 15, 2019 at 09:47:46AM -, CharlesLee  wrote:
> Hi sumit,
> 
> Thanks for your reply.
> 
> I'm using Windows Server 2008 R2 AD.
> I use "ldap_id_mapping=False" because I want the AD user's UID in Linux to be 
> the gidNumber; if I use "ldap_id_mapping=True", the user's UID in Linux cannot 
> be controlled.
> 
> I want the AD user in Linux to use the gidNumber, and the AD user to log in to 
> Linux with the AD password.
> So, what should I do?

Do you already have the IDs created and stored in AD?

One thing you might need to do after switching the ID mapping on or off
is to clear the sssd cache. With newer versions:
sssctl cache-remove
or with older versions:
rm -f /var/lib/sss/db/*
systemctl restart sssd


[SSSD-users] Re: ldap_id_mapping=False then AD user's password not availabe

2019-02-15 Thread CharlesLee
Hi sumit,

Thanks for your reply.

I'm using Windows Server 2008 R2 AD.
I use "ldap_id_mapping=False" because I want the AD user's UID in Linux to be 
the gidNumber; if I use "ldap_id_mapping=True", the user's UID in Linux cannot 
be controlled.

I want the AD user in Linux to use the gidNumber, and the AD user to log in to 
Linux with the AD password.
So, what should I do?

Thanks


[SSSD-users] Re: ldap_id_mapping=False then AD user's password not availabe

2019-02-15 Thread Sumit Bose
On Fri, Feb 15, 2019 at 07:05:37AM -, CharlesLee  wrote:
> Hi everyone,
> 
> I'm using sssd 1.62 in CentOS 7.4.
> The sssd is very good, I love it!
> 
> But when I use "ldap_id_mapping=False" in /etc/sssd/sssd.conf, the user's 
> password will not available.

I assume with 'the user's password will not available' you mean that the
user cannot log in?

I guess that the user cannot even be found if you call 'getent passwd
username'.

> Why?

With "ldap_id_mapping=False" SSSD expects that the POSIX UIDs and GIDs
are stored in Active Directory (I assume you are using AD). By default
this is not the case, and recent versions of Windows Server even removed
some tools which made it easy to set them.

> How to solve it?

Either use "ldap_id_mapping=True" (recommended) or add suitable uidNumber
and gidNumber attributes in AD to the users and groups.

HTH

bye,
Sumit

> 
> Thanks