Hi! I am trying to authenticate my Ubuntu users via Active Directory and also autofs mounting. Maybe I am doing something wrong or missing some key attributes, but I have been checking it for the last couple of days and decided to write.
I have configured my sssd.conf and am using ldaps for communication. After troubleshooting my issue, I am now able to get results for commands like getent passwd AD-username and id AD-username. I am logged on to the Ubuntu machine with a local account and running id AD-Username and getent passwd AD-username, and it takes ages to get a reply back.

uid=1348(AD-username) gid=100(users) groups=100(users)

When I run getent group groupname, nothing happens. I have attached my sssd.conf file. I am using Ubuntu 18.04.

Version: 1.16.1-1ubuntu1.4
Version: 1.16.1-1ubuntu1.4

[sssd]
config_file_version = 2
services = nss, pam, sudo, autofs
domains = mycompany.local
default_domain_suffix = mycompany.local

[nss]
debug_level = 9
filter_groups = root
filter_users = root
reconnection_retries = 3
#If want override the shell for all users uncomment follow line
#override_shell = /bin/bash

[pam]
debug_level = 9

[sudo]
debug_level = 3

[autofs]

[domain/mycompany.local]
debug_level = 9
enumerate = false
case_sensitive = false
cache_credentials = true
min_id = 100
#ldap_id_mapping = True
#ldap_user_primary_group = primaryGroupID
case_sensitive = false

### --- Providers --- ###
id_provider = ldap
auth_provider = ldap
access_provider = simple
chpass_provider = ldap

### --- LDAP GENERAL --- ###
ldap_id_use_start_tls = false
ldap_schema = rfc2307
ldap_tls_cacertdir = /etc/ldap/cacerts
#ldap_tls_cacert = /etc/ssl/dc01.cer

### LDAP user search settings ###
ldap_user_search_base = DC=mycompany,DC=local

# LDAP group search settings
ldap_group_search_base = DC=mycompany,DC=local

# LDAP Class settings
### --- LDAP Class settings --- ####
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_gecos = displayName
#ldap_user_principal = userPrincipalName
ldap_user_home_directory = unixHomeDirectory
ldap_user_member_of = memberOf
ldap_group_object_class = group
ldap_group_name = sAMAccountName
ldap_group_member = memberUid
ldap_network_timeout = 3
#ldap_access_filter = (&(objectclass=shadowaccount)(objectclass=posixaccount))
ad_server = dc01.mycompany.local

### --- LDAP connection settings --- ###
ldap_uri = ldaps://dc01.mycompany.local:636
ldap_default_bind_dn = CN=serviceaccount,OU=ServiceAccounts,DC=mycompany,DC=local
ldap_default_authtok_type = password
ldap_default_authtok = mypassword

# Access settings via simple
# simple_allow_groups = lusers
simple_allow_groups = Users

## Temp TEst
ldap_opt_timeout = 20
dns_resolver_timeout = 10

### AutoFS
autofs_provider = ldap
ldap_autofs_entry_key = cn
ldap_autofs_entry_object_class = nisObject
ldap_autofs_entry_value = nisMapEntry
ldap_autofs_map_name = nisMapName
ldap_autofs_map_object_class = nisMap
ldap_autofs_search_base = ou=automount,DC=mycompany,dc=local

Thanks