Thanks, I'll check it out.
On Sun, Jul 8, 2018 at 2:30 PM Michael Ströder wrote:
> Disclaimer: I did not follow this thread closely.
>
> On 07/08/2018 08:06 PM, Spike White wrote:
> > Yes, most of the groups missing when I set 'ldap_use_tokengroups = true'
> > are universal groups.
>
> I
Disclaimer: I did not follow this thread closely.
On 07/08/2018 08:06 PM, Spike White wrote:
Yes, most of the groups missing when I set 'ldap_use_tokengroups = true'
are universal groups.
I vaguely remember that Volker said something about this in his FOSDEM talk:
Yes, most of the groups missing when I set 'ldap_use_tokengroups = true'
are universal groups.I don't know where universal groups reside.
Whether it's in the parent domain (dell.com), or in the GC or where. (I'm
not a AD expert -- I'm a Linux engineer that has has done some AD
integration
On Wed, Jul 04, 2018 at 03:24:47AM -0500, Spike White wrote:
> Thanks for responding.
>
> what you said was not exactly my situation, but it got me poking around and
> finally I got the configuration working.
>
> I find this interesting item when looking at various sssd subcommands;
>
>
Thanks for responding.
what you said was not exactly my situation, but it got me poking around and
finally I got the configuration working.
I find this interesting item when looking at various sssd subcommands;
[root@spikerealmd02 ~]# sssctl domain-list
amer.dell.com
apac.dell.com
emea.dell.com
On Mon, Jul 02, 2018 at 09:52:17AM -0500, Spike White wrote:
> Thanks for prompt reply.
>
> Yes, user name is strewn throughout sssd_nss.log.Here's the last little
> bit:
>
> (Sun Jul 1 15:21:12 2018) [sssd[nss]] [cache_req_search_ncache] (0x0400):
> CR #1653: Checking negative cache for
Thanks for prompt reply.
Yes, user name is strewn throughout sssd_nss.log.Here's the last little
bit:
(Sun Jul 1 15:21:12 2018) [sssd[nss]] [cache_req_search_ncache] (0x0400):
CR #1653: Checking negative cache for [admjesse_c...@japn.dell.com]
(Sun Jul 1 15:21:12 2018) [sssd[nss]]
On Sun, Jul 01, 2018 at 03:25:26PM -0500, Spike White wrote:
> sssd subject matter experts,
>
> Why is my sssd deployment not doing cross-subdomain AD authentication?
>
>
>
> *Background:*
>
> I have a parent AD domain DELL.COM with trusted subdomains AMER.DELL.COM,
> APAC.DELL.COM,