On Thu, Apr 11, 2013 at 10:22:30AM -0400, Sutton, Harry (GSSE) wrote: > On 04/11/2013 09:55 AM, Simo Sorce wrote: > > > >Because the PAM stack is completely separate from the NSS stack, > >although we suggest people to not do this normally you can use an option > >in nsswitch.conf to avoid falling through NSS modules during the > >initgroups call to avoid paying the penalty for local users. > > > >The option is called 'initgroupss', where you can list files and sss as > >databases. > > > >Note that we normally *do not* recommend this option, here is a > >discussion of the why: > >https://bugzilla.redhat.com/show_bug.cgi?id=835612 > > > >Simo. > > > > Thanks, that works as a workaround. If I can get an answer to my > earlier question about sss_aduser in a LOCAL domain I'll consider > migrating completely to sssd for local and domain logins, at which > point I can remove this modification to nsswitch.
Can you remind me what that problem was? Were you getting some kind of transaction error? Can you run the tool with: sss_useradd --debug-level 10 ? _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users