On Wed, Jun 25, 2014 at 11:55:14AM +0200, Sven Geggus wrote: > Jakub Hrozek schrieb am Dienstag, den 24. Juni um 15:59 Uhr: > > > My guess is that the SSSD expects the group entries to have > > objectclass=group. > > Hm, I already suspected something like this might be the case. > > When running sssd with debug option I get something like this: > > [sssd[nss]] [nss_cmd_getgrnam_search] (0x0040): No results for getgrnam call > [sssd[nss]] [nss_cmd_getgrnam_search] (0x0040): Group [xxx] does not exist in > [example.com]! (negative cache) > [sssd[nss]] [nss_cmd_getgrnam_search] (0x0040): No matching domain found for > [xxx], fail!
This just means the search failed, doesn't tell why, though. I think the domain logs would be more informative. Can you put debug_level = 6 into the [domain/example.com] section and then check out /var/log/sssd/sssd_example.com.log ? > > Looks like I need to stick with nslcd for now :( In 1.12, we're going to fix https://fedorahosted.org/sssd/ticket/2184 then you could set the same objectclass (maybe 'top' or something) for both users and groups.. > > Sven > > -- > "linux is evolution, not intelligent design" > (Linus Torvalds) > > /me is giggls@ircnet, http://sven.gegg.us/ on the Web > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
