Ok. Removing and recreating /var/lib/sssd worked.
Thank you very much
> On Thu, Mar 09, 2017 at 12:14:08AM -0000, Maciej Piechotka wrote:
>
> It looks like due to the misconfiguration(?) SSSD stored a wrong
> representation of the canonical Kerberos principal in its cache. I thin
On one computer (Arch) I have misconfigured sssd and when I try to use PAM sssd
tries to get ticket for username\@MYDOMAIN.COM\@mydomain@mydomain.com. On
others (Gentoo) it works find.
(Tue Mar 7 16:10:03 2017) [[sssd[ldap_child[5845 [ldap_child_get_tgt_sync]
(0x0100): Principal name
Ondrej Valousek s3group.com> writes:
>
> Try "net ads keytab add afs" - but it's probably not going to work without
admin privileges in AD.
> O.
>
Thanks. I've run:
% sudo net -U ads keytab add afs
Processing principals to add...
% sudo net -U ads keytab list | grep afs || echo "None found"
I have following configuaration:
[sssd]
config_file_version = 2
domains = domain.com
services = nss, pam
[nss]
[pam]
[domain/domain.com]
cache_credentials = true
id_provider = ad
auth_provider = ad
access_provider = simple
default_shell = /bin/zsh
fallback_homedir = /home/%d/%u