> 2015-01-23 11:26 GMT+01:00 Longina Przybyszewska <[email protected]>:
> >> > Maybe you should use the uPNSuffix from domain c.example.org for
> >> > your user accounts in domains a.c and a.b? Or add a valid one;
> >> > http://support2.microsoft.com/kb/243629. Is it possible to use that
> >> > uPNSuffix as default in SSSD?
> >>
> >> Yes, since 1.12
> >>
> >> Prior to that, you could use either the SSSD domain name as specified
> >> in the config file or the NetBIOS name (which was autodiscovered).
> >
> > I am limited to the version Ubuntu LTS offers - 1.11.7.
> >
> > I added default_domain_suffix = c.example.org to [sssd] section of
> > sssd.conf, but User 'longina' from nat.c.example.org can not login on
> > machine joined to NAT.C.EXAMPLE.COM with short login 'longina'
> >
>
> Did you change the account longinas UPN suffix from @nat.c.example.org to
> @c.example.org?

You mean, longina's attribute in AD object? No.
I am afraid, that change is not possible; UPN is set up mostly to 'example.org' for all user accounts - it can differ from person to person, and there is reason for that.

Best,
Longina

>
> > I can search user object 'longina' in Global Catalog in c.example.org
> > and nat.c.example.org
> >
> > Attached log files(sss_pam, sss_nss):
> > ===============
> > /etc/sssd/sssd.conf
> > ===============
> >
> > [nss]
> > debug_level = 9
> > filter_groups = root
> > filter_users = root,lightdm,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd
> >
> > [sssd]
> > debug_level = 6
> > domains = nat.c.example.org
> > default_domain_suffix = c.example.org
> > config_file_version = 2
> > services = nss,pam
> >
> > [pam]
> > pam_verbosity = 3
> > debug_level = 9
> >
> > [domain/nat.c.example.org]
> > debug_level = 9
> > id_provider = ad
> > access_provider = ad
> > auth_provider = ad
> > chpass_provider = ad
> > ad_domain = nat.c.example.org
> > krb5_realm = NAT.C.EXAMPLE.ORG
> > #cache_credentials = True
> > #krb5_store_password_if_offline = True
> > default_shell = /bin/bash
> > override_home_directory = /home/%u
> > use_fully_qualified_names = False
> > ldap_id_mapping = False
> > fallback_homedir = /home-local/%u
> >
> > ==========================================0
> > sssd_pam.log
> > ===========
> > [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
> > [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
> > [sssd[pam]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
> > [sssd[pam]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
> > [sssd[pam]] [pam_print_data] (0x0100): domain: c.example.org
> > [sssd[pam]] [pam_print_data] (0x0100): user: longina
> > [sssd[pam]] [pam_print_data] (0x0100): service: lightdm
> > [sssd[pam]] [pam_print_data] (0x0100): tty: :0
> > [sssd[pam]] [pam_print_data] (0x0100): ruser: not set
> > [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
> > [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
> > [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
> > [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> > [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 1991
> > [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
> > [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x40b150:3:[email protected]]
> > [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [c.example.org][3][1][name=longina]
> > [sssd[pam]] [sbus_add_timeout] (0x2000): 0x13d5420
> > [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x40b150:3:[email protected]]
> > [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x13d5420
> > [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x13d4600
> > [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
> > [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
> > [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [[email protected]]
> > [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x13d6830
> > [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x13d83b0
> > [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x13d6830
> > [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x13d83b0
> > [sssd[pam]] [ldb] (0x4000): Running timer event 0x13d6830 "ltdb_callback"
> > [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x13d83b0 "ltdb_timeout"
> > [sssd[pam]] [ldb] (0x4000): Ending timer event 0x13d6830 "ltdb_callback"
> > [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/c.example.org/longina] to negative cache
> > [sssd[pam]] [pam_check_user_search] (0x0040): No results for getpwnam call
> > [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10].
> > [sssd[pam]] [pam_reply] (0x0200): blen: 25
> > [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x40b150:3:[email protected]]
> > [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x13d93d0][17]
> > [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x13d0af0
> > [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
> > [sssd[pam]] [sbus_message_handler] (0x4000): Received SBUS method [ping]
> > [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> > [sssd[pam]] [sbus_handler_got_caller_id] (0x4000): Received SBUS method [ping]
> > [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x13d93d0][17]
> > [sssd[pam]] [client_recv] (0x0200): Client disconnected!
> > [sssd[pam]] [client_destructor] (0x2000): Terminated client [0x13d93d0][17]
> >
> > ====================================
> >
> > sssd_nss.log
> > =====================================
> >
> > [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
> > [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
> > [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
> > [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> > [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> > [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
> > [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
> > [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
> > [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
> > [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
> > [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
> > [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> > [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> > [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
> > [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
> > [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
> > [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
> > [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
> > [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
> > [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> > [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> > [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [longina].
> > [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'longina' matched without domain, user is longina
> > [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
> > [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [c.example.org]
> > [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/longina]
> > [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [longina] does not exist in [c.example.org]! (negative cache)
> > [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> > [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> > [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [[email protected]].
> > [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name '[email protected]' matched expression for domain 'nat.c.example.org', user is longina
> > [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [nat.c.example.org]
> > [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/nat.c.example.org/longina]
> > [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [[email protected]]
> > [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x151e6a0
> > [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1516d70
> > [sssd[nss]] [ldb] (0x4000): Running timer event 0x151e6a0 "ltdb_callback"
> > [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x1516d70 "ltdb_timeout"
> > [sssd[nss]] [ldb] (0x4000): Ending timer event 0x151e6a0 "ltdb_callback"
> > [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x417bf0:1:[email protected]]
> > [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [nat.c.example.org][4097][1][name=longina]
> > [sssd[nss]] [sbus_add_timeout] (0x2000): 0x15282b0
> > [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x417bf0:1:[email protected]]
> > [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x15282b0
> > [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x1519600
> > [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
> > [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
> > [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/nat.c.example.org/longina]
> > [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [[email protected]]
> > [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x151d790
> > [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x151d8c0
> > [sssd[nss]] [ldb] (0x4000): Running timer event 0x151d790 "ltdb_callback"
> > [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x151d8c0 "ltdb_timeout"
> > [sssd[nss]] [ldb] (0x4000): Ending timer event 0x151d790 "ltdb_callback"
> > [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [[email protected]]
> > [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x417bf0:1:[email protected]]
> > [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> > [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> > [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [[email protected]].
> > [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name '[email protected]' matched expression for domain 'nat.c.example.org', user is longina
> > [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [longina] from [nat.c.example.org]
> > [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/nat.c.example.org/longina]
> > [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [[email protected]]
> > [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1528190
> > [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1517960
> > [sssd[nss]] [ldb] (0x4000): Running timer event 0x1528190 "ltdb_callback"
> > [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x1517960 "ltdb_timeout"
> > [sssd[nss]] [ldb] (0x4000): Ending timer event 0x1528190 "ltdb_callback"
> > [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> > [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [[email protected]]
> > [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> > [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> > [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1517e10][21]
> > [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [*other].
> > [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name '*other' matched without domain, user is *other
> > [sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
> > [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [*other] from [c.example.org]
> > [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/*other]
> > [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [*[email protected]]
> > [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1517960
> > [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x151e6a0
> > [sssd[nss]] [ldb] (0x4000): Running timer event 0x1517960 "ltdb_callback"
> > [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x151e6a0 "ltdb_timeout"
> > [sssd[nss]] [ldb] (0x4000): Ending timer event 0x1517960 "ltdb_callback"
> > [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x417bf0:1:*[email protected]]
> > [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [c.example.org][4097][1][name=*other]
> > [sssd[nss]] [sbus_add_timeout] (0x2000): 0x151a400
> > [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x417bf0:1:*[email protected]]
> > [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x151a400
> > [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x1519600
> > [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
> > [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
> > [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/c.example.org/*other]
> > [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [*[email protected]]
> > [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1527b00
> > ...
> > [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/c.example.org/*other] to negative cache
> > [sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call
> >
> > Best,
> > longina
> > _______________________________________________
> > sssd-users mailing list
> > [email protected]
> > https://lists.fedorahosted.org/mailman/listinfo/sssd-users
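
Added example, not part of the original thread: a small Python parser for SSSD responder debug lines in the format quoted above, reporting which domain each input name was routed to and whether the lookup succeeded. The sample log is constructed (the user name `alice` is made up, the domains are the ones from the thread), and `summarize` and `short_name_misses` are hypothetical helper names.

```python
import re

# Constructed sample in the sssd_nss.log format quoted above ("alice" is made up).
SAMPLE_LOG = """\
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [alice].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'alice' matched without domain, user is alice
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): using default domain [c.example.org]
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [alice] from [c.example.org]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [alice] does not exist in [c.example.org]! (negative cache)
[sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17] with input [alice@nat.c.example.org].
[sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'alice@nat.c.example.org' matched expression for domain 'nat.c.example.org', user is alice
[sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [alice] from [nat.c.example.org]
[sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [alice@nat.c.example.org]
"""

PATTERNS = {
    "input": re.compile(r"Running command \[\d+\] with input \[(.+?)\]\.?$"),
    "default": re.compile(r"using default domain \[(.+?)\]"),
    "domain": re.compile(r"Requesting info for \[.+?\] from \[(.+?)\]"),
    "miss": re.compile(r"does not exist in \[.+?\]|No results for getpwnam call"),
    "hit": re.compile(r"Returning info for user \[.+?\]"),
}

def summarize(log_text):
    """Return one record per NSS request: input name, domain searched, outcome."""
    records, cur = [], None
    for line in log_text.splitlines():
        m = PATTERNS["input"].search(line)
        if m:
            cur = {"input": m.group(1), "domain": None, "via_default": False, "result": "unknown"}
            records.append(cur)
            continue
        if cur is None:
            continue  # lines before the first request start are ignored
        if PATTERNS["default"].search(line):
            cur["via_default"] = True
        m = PATTERNS["domain"].search(line)
        if m:
            cur["domain"] = m.group(1)
        if PATTERNS["miss"].search(line):
            cur["result"] = "not found"
        elif PATTERNS["hit"].search(line):
            cur["result"] = "found"
    return records

def short_name_misses(records):
    """Short names that default_domain_suffix routed to a domain where the lookup failed."""
    return [(r["input"], r["domain"]) for r in records
            if r["via_default"] and r["result"] == "not found"]
```

Calling `short_name_misses(summarize(open(path).read()))` on an `sssd_nss.log` captured at `debug_level = 9` lists each short login name together with the domain the default suffix sent it to.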
