2015-01-23 11:26 GMT+01:00 Longina Przybyszewska <[email protected]>:
>> > Maybe you should use the uPNSuffix from domain c.example.org for your
>> > user accounts in domains a.c and a.b? Or add a valid one;
>> > http://support2.microsoft.com/kb/243629. Is it possible to use that
>> > uPNSuffix as default in SSSD?
>>
>> Yes, since 1.12
>>
>> Prior to that, you could use either the SSSD domain name as specified in the
>> config file or the NetBIOS name (which was autodiscovered).
>
> I am limited to the version Ubuntu LTS offers - 1.11.7.
>
> I added default_domain_suffix = c.example.org to [sssd] section of sssd.conf,
> but
> User 'longina' from nat.c.example.org can not login on machine joined to
> NAT.C.EXAMPLE.COM with short login 'longina'
>
Did you change the account longina's UPN suffix from @nat.c.example.org to @c.example.org?

> I can search user object 'longina' in Global Catalog in c.example.org and
> nat.c.example.org
>
> Attached log files(sss_pam, sss_nss):
> ===============
> /etc/sssd/sssd.conf
> ===============
>
> [nss]
> debug_level = 9
> filter_groups = root
> filter_users =
> root,lightdm,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd
>
> [sssd]
> debug_level = 6
> domains = nat.c.example.org
> default_domain_suffix = c.example.org
> config_file_version = 2
> services = nss,pam
>
> [pam]
> pam_verbosity = 3
> debug_level = 9
>
> [domain/nat.c.example.org]
> debug_level = 9
> id_provider = ad
> access_provider = ad
> auth_provider = ad
> chpass_provider = ad
> ad_domain = nat.c.example.org
> krb5_realm = NAT.C.EXAMPLE.ORG
> #cache_credentials = True
> #krb5_store_password_if_offline = True
> default_shell = /bin/bash
> override_home_directory = /home/%u
> use_fully_qualified_names = False
> ldap_id_mapping = False
> fallback_homedir = /home-local/%u
>
> ==========================================0
> sssd_pam.log
> ===========
> [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
> [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched
> without domain, user is longina
> [sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain
> [c.example.org]
> [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
> [sssd[pam]] [pam_print_data] (0x0100): domain: c.example.org
> [sssd[pam]] [pam_print_data] (0x0100): user: longina
> [sssd[pam]] [pam_print_data] (0x0100): service: lightdm
> [sssd[pam]] [pam_print_data] (0x0100): tty: :0
> [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
> [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
> [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
> [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
> [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1991
> [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for
> [NCE/USER/c.example.org/longina]
> [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for
> [0x40b150:3:[email protected]]
> [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for
> [c.example.org][3][1][name=longina]
> [sssd[pam]] [sbus_add_timeout] (0x2000): 0x13d5420
> [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request
> [0x40b150:3:[email protected]]
> [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x13d5420
> [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x13d4600
> [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
> [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP
> error code: 0 errno: 0 error message: Success
> [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for
> [[email protected]]
> [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x13d6830
>
> [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x13d83b0
> [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x13d6830
>
> [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x13d83b0
>
> [sssd[pam]] [ldb] (0x4000): Running timer event 0x13d6830 "ltdb_callback"
>
> [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x13d83b0 "ltdb_timeout"
>
> [sssd[pam]] [ldb] (0x4000): Ending timer event 0x13d6830 "ltdb_callback"
>
> [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding
> [NCE/USER/c.example.org/longina] to negative cache
> [sssd[pam]] [pam_check_user_search] (0x0040): No results for getpwnam call
> [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10].
> [sssd[pam]] [pam_reply] (0x0200): blen: 25
> [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request:
> [0x40b150:3:[email protected]]
> [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client
> [0x13d93d0][17]
> [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x13d0af0
> [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
> [sssd[pam]] [sbus_message_handler] (0x4000): Received SBUS method [ping]
> [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> [sssd[pam]] [sbus_handler_got_caller_id] (0x4000): Received SBUS method
> [ping]
> [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client
> [0x13d93d0][17]
> [sssd[pam]] [client_recv] (0x0200): Client disconnected!
> [sssd[pam]] [client_destructor] (0x2000): Terminated client [0x13d93d0][17]
>
> ====================================
>
> sssd_nss.log
> =====================================
>
> [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from
> [c.example.org]
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for
> [NCE/USER/c.example.org/longina]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not
> exist in [c.example.org]! (negative cache)
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client
> [0x1517e10][21]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client
> [0x1517e10][21]
> [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input
> [longina].
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched
> without domain, user is longina
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain
> [c.example.org]
> [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from
> [c.example.org]
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for
> [NCE/USER/c.example.org/longina]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not
> exist in [c.example.org]! (negative cache)
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client
> [0x1517e10][21]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client
> [0x1517e10][21]
> [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input
> [longina].
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched
> without domain, user is longina
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain
> [c.example.org]
> [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from
> [c.example.org]
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for
> [NCE/USER/c.example.org/longina]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not
> exist in [c.example.org]! (negative cache)
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client
> [0x1517e10][21]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client
> [0x1517e10][21]
> [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input
> [longina].
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched
> without domain, user is longina
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain
> [c.example.org]
> [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from
> [c.example.org]
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for
> [NCE/USER/c.example.org/longina]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not
> exist in [c.example.org]! (negative cache)
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client
> [0x1517e10][21]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client
> [0x1517e10][21]
> [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input
> [[email protected]].
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name
> '[email protected]' matched expression for domain
> 'nat.c.example.org', user is longina
> [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from
> [nat.c.example.org]
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for
> [NCE/USER/nat.c.example.org/longina]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for
> [[email protected]]
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x151e6a0
>
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1516d70
>
> [sssd[nss]] [ldb] (0x4000): Running timer event 0x151e6a0 "ltdb_callback"
>
> [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x1516d70 "ltdb_timeout"
>
> [sssd[nss]] [ldb] (0x4000): Ending timer event 0x151e6a0 "ltdb_callback"
>
> [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for
> [0x417bf0:1:[email protected]]
> [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for
> [nat.c.example.org][4097][1][name=longina]
> [sssd[nss]] [sbus_add_timeout] (0x2000): 0x15282b0
> [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request
> [0x417bf0:1:[email protected]]
> [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x15282b0
> [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x1519600
> [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
> [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP
> error code: 0 errno: 0 error message: Success
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for
> [NCE/USER/nat.c.example.org/longina]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for
> [[email protected]]
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x151d790
>
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x151d8c0
>
> [sssd[nss]] [ldb] (0x4000): Running timer event 0x151d790 "ltdb_callback"
>
> [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x151d8c0 "ltdb_timeout"
>
> [sssd[nss]] [ldb] (0x4000): Ending timer event 0x151d790 "ltdb_callback"
>
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user
> [[email protected]]
> [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request:
> [0x417bf0:1:[email protected]]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client
> [0x1517e10][21]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client
> [0x1517e10][21]
> [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input
> [[email protected]].
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name
> '[email protected]' matched expression for domain 'nat.c.:
> example.org', user is longina
> [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from
> [nat.c.example.org]
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for
> [NCE/USER/nat.c.example.org/longina]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for
> [[email protected]]
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1528190
>
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1517960
>
> [sssd[nss]] [ldb] (0x4000): Running timer event 0x1528190 "ltdb_callback"
>
> [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x1517960 "ltdb_timeout"
>
> [sssd[nss]] [ldb] (0x4000): Ending timer event 0x1528190 "ltdb_callback"
>
> [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user
> [[email protected]]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client
> [0x1517e10][21]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client
> [0x1517e10][21]
> [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client
> [0x1517e10][21]
> [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input
> [*other].
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name '*other' matched
> without domain, user is *other
> [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain
> [c.example.org]
> [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [*other] from
> [c.example.org]
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for
> [NCE/USER/c.example.org/*other]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for
> [*[email protected]]
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1517960
>
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x151e6a0
>
> [sssd[nss]] [ldb] (0x4000): Running timer event 0x1517960 "ltdb_callback"
>
> [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x151e6a0 "ltdb_timeout"
>
> [sssd[nss]] [ldb] (0x4000): Ending timer event 0x1517960 "ltdb_callback"
>
> [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for
> [0x417bf0:1:*[email protected]]
> [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for
> [c.example.org][4097][1][name=*other]
> [sssd[nss]] [sbus_add_timeout] (0x2000): 0x151a400
> [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request
> [0x417bf0:1:*[email protected]]
> [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x151a400
> [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x1519600
> [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
> [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP
> error code: 0 errno: 0 error message: Success
> [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for
> [NCE/USER/c.example.org/*other]
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for
> [*[email protected]]
> [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1527b00
> ...
> [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding
> [NCE/USER/c.example.org/*other] to negative cache
> [sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call
>
> Best,
> longina
> _______________________________________________
> sssd-users mailing list
> [email protected]
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
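
Added example (not part of the original thread and not SSSD project code): a small Python tracer for the kind of sssd_nss.log output quoted above, pairing each NSS request with the domain it was searched in and the outcome, and listing short names that were routed to the default domain and not found there. The sample log is constructed, `testuser` is a made-up account, and the parser assumes unwrapped log lines as written on disk with requests logged one after another.

```python
import re

# Constructed sample shaped like the quoted sssd_nss.log; "testuser" is made up.
SAMPLE_LOG = """\
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [testuser].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [testuser] from [c.example.org]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [testuser] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [testuser@nat.c.example.org].
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [testuser] from [nat.c.example.org]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [testuser@nat.c.example.org]
"""

START = re.compile(r"Running command \[\d+\] with input \[(.+?)\]\.")
DEFAULT = re.compile(r"using default domain \[(.+?)\]")
SEARCH = re.compile(r"Requesting info for \[.+?\] from \[(.+?)\]")
OUTCOMES = {"(negative cache)": "negative-cache", "Returning info for user": "found",
            "No results for getpwnam call": "not-found"}

def trace_lookups(log_text):
    """Return one dict per NSS request: input name, domain searched, outcome."""
    records, cur = [], None
    for line in log_text.splitlines():
        m = START.search(line)
        if m:
            cur = {"input": m.group(1), "domain": None,
                   "defaulted": False, "outcome": "unknown"}
            records.append(cur)
            continue
        if cur is None:
            continue  # lines logged before the first request starts
        if DEFAULT.search(line):
            cur["defaulted"] = True  # short name got default_domain_suffix applied
        m = SEARCH.search(line)
        if m:
            cur["domain"] = m.group(1)
        for marker, outcome in OUTCOMES.items():
            if marker in line:
                cur["outcome"] = outcome
    return records

def failed_default_lookups(records):
    """Short names sent to the default domain that did not resolve there."""
    return sorted({(r["input"], r["domain"]) for r in records
                   if r["defaulted"] and r["outcome"] != "found"})

if __name__ == "__main__":
    print(failed_default_lookups(trace_lookups(SAMPLE_LOG)))
```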
