I just added my first ubuntu 16.04 client to our IPA domain and am having problem with HBAC rules randomly denying access to a user that should have access. Users are in AD (ad.nwra.com), I have an external group containing the AD user linked to an IPA group used for the HBAC rule. Much of the time it will work, but sometimes not.
sssd.conf: [domain/nwra.com] cache_credentials = True krb5_auth_timeout = 30 krb5_store_password_if_offline = True ipa_domain = nwra.com id_provider = ipa auth_provider = ipa access_provider = ipa chpass_provider = ipa ipa_server = ipa.nwra.com, _srv_ ldap_tls_cacert = /etc/ipa/ca.crt dns_discovery_domain = nwra.com timeout = 20 debug_level = 5 [sssd] services = nss, sudo, pam, ssh, autofs domains = nwra.com default_domain_suffix = ad.nwra.com debug_level = 5 This is with 1.13.4-1ubuntu1.8 Is there any hope for this version to work? Any reliable source for an updated package? -- Orion Poplawski Technical Manager of NWRA Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane [email protected] Boulder, CO 80301 https://www.nwra.com/ _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
