Hi Lukas,
Thanks for the quick follow-up.
I could try that, but as my machine is in production, I am hesitating to
upgrade.
For the record: things used to work before using gssapi, but I changed
the password for the sssd_user account, and then things fell apart. And
I can't seem to find the right way to regenerate a fresh keytab that
works with sssd. Therefore the DN/password attempt.
I have sssd with DN/password running but the "id" only lists some
groups, not all. Compare output SSSD vs WINBIND:
SSSD nsswitch.conf
root@filehost:/etc# id user2
uid=1040(user2) gid=513(Domain Users) groups=513(Domain Users)
WINBIND nsswitch.conf
root@filehost:/etc# id user2
uid=1040(user2) gid=513(domain users) groups=513(domain users),1065(cdtower),1081(admin forms),.....etc
SSSD nsswitch.conf
root@filehost:/etc/sssd# id user3
uid=1014(user3) gid=513(Domain Users) groups=513(Domain Users),4(adm)
WINBIND nsswitch.conf
root@filehost:/etc/sssd# id user3
uid=1014(user3) gid=513(domain users) groups=513(domain users),4(adm),1065(cdtower),17375(institute-l),38802(fp8neno).....etc
Winbind's output is correct. I have configured sssd.conf like in the
gssapi days. Here it is:
[sssd]
services = nss, pam
config_file_version = 2
domains = default
# don't forget this:
debug_level = 9
[nss]
[pam]
[domain/default]
ldap_tls_reqcert = never
auth_provider = ldap
ldap_id_use_start_tls = False
chpass_provider = ldap
krb5_realm = SAMBA.COMPANY.COM
cache_credentials = True
debug_timestamps = True
ldap_default_authtok_type = password
ldap_search_base = dc=samba,dc=company,dc=com
debug_level = 3
id_provider = ldap
ldap_schema = rfc2307bis
ldap_default_bind_dn = CN=sssd_user,CN=Users,DC=samba,DC=company,DC=com
min_id = 100
ldap_uri = ldap://dc2.company.com, ldap://dc3.company.com, ldap://dc4.company.com
krb5_server = dc2.company.com
ldap_default_authtok = secret_password
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_id_mapping=false
ldap_user_object_class = user
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_object_class = group
ldap_group_name = cn
ldap_group_member = member
Any ideas..?
Hoping to avoid updating to backports, since it has worked in the past...
On 28-3-2017 17:18, Lukas Slebodnik wrote:
> On (28/03/17 16:53), mourik jan heupink wrote:
>> Hi,
>> I'm trying to get sssd 1.8.4 (comes with debian wheezy) to work with samba4.
>> As this is an older sssd version, I'll have to use the ldap modus, and not
>> the AD config.
> Or you can use sssd-1.11-7 + ad provider from wheezy backports
> https://packages.debian.org/search?suite=wheezy-backports&searchon=names&keywords=sssd
> I hope it will work because there were some bugfixes in upstream 1.11.8
> LS
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]