We've been using SSSD with our AD domain (please forgive the domain name...) with the following config on Ubuntu 16.04 for a year or so, with no problems at all. Joined to the domain with realmd.
[sssd] config_file_version = 2 reconnection_retries = 3 services = nss,pam domains = SMALLBUSINESS.LAN [nss] [pam] [domain/SMALLBUSINESS.LAN] access_provider = ad ad_domain = SMALLBUSINESS.LAN ad_gpo_access_control = permissive cache_credentials = True default_shell = /bin/bash fallback_homedir = /home/%u id_provider = ad krb5_realm = SMALLBUSINESS.LAN krb5_store_password_if_offline = True ldap_id_mapping = True realmd_tags = manages-system joined-with-samba However recently we've had a lot of problems with people being unable to login when not connected to the network. This is with the handful of Ubuntu 17.04 machines I've started to roll out (SSSD 1.15.2 rather than 1.13.4 on 16.04). After spending about a day reading up and trying every configuration under the sun, I've found that the password doesn't appear to be cached on the 17.04 machine. If I run "ldbsearch -H /var/lib/sss/db/cache_SMALLBUSINESS.LAN.ldb "(&(objectClass=user)(cachedPassword=*))" name gidNumber cachedPassword" on my machine I get no results, but I get results on the working 16.04 machine. I'm at my wits' end with this, so any suggestions you've got will be much appreciated! Many Thanks Sam -- *Laminar Data - Secure cloud-based platform for managing, sharing and monetizing aeronautical data* *Learn More <https://laminardata.aero>*
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
