I have a setup with 3 clients and a server. The server runs Samba as AD and LDAP + 
Kerberos. The clients use sss: 1) Fedora with 2.0.0, 2) CentOS with 1.16.0 and 3) 
CentOS with 1.16.2. All clients use the same sssd.conf, 1:1. I want sss to use the primary 
group id from the gidNumber record in LDAP, and I have no issues with the first and 
second clients. But not with the third. I don't understand why, but the primary gid is set 
equal to the uid. I can't see anything relevant in the logs.

Where to dig?

sssd.conf:
[domain/default]
id_provider = ldap
ldap_uri = ldap://pdc.lkkm/
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_search_base = dc=pdc,dc=lkkm
ldap_default_bind_dn = <DN>
ldap_default_authtok_type = password
ldap_default_authtok = <password>
ldap_user_search_base = cn=Users,dc=pdc,dc=lkkm
ldap_user_home_directory = unixHomeDirectory
ldap_user_object_class = person
ldap_group_search_base = dc=PosixGroups,dc=pdc,dc=lkkm
ldap_group_object_class = group

auth_provider = krb5
chpass_provider = krb5
krb5_server = pdc.lkkm
krb5_kpasswd = pdc.lkkm
krb5_realm = PDC.LKKM
krb5_store_password_if_offline = False
krb5_ccname_template = KEYRING:persistent:%{uid}
krb5_auth_timeout = 15
_______________________________________________
sssd-users mailing list -- [email protected]