[SSSD-users] id / getent not finding AD users

Tue, 18 Jun 2019 11:57:58 -0700 

Hi Guys,


i have 2 Ubuntu 16.04 servers that have their users run by AD.  The sssd.conf 
and output of "realm list" is identical for both servers.  However, one of them 
can't seem to find the AD users, so ssh fails.  I tried doing id <user>  and 
getent passwd <user>  and it doesn't find them.


Do you know what the issue might be?


Thanks,

Thomas


Here is my sssd.conf:


# cat /etc/sssd/sssd.conf
[autofs]
debug_level=1

[krb5]
debug_level=1

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3
debug_level=1

[sssd]
domains = MYDOMAIN.ca
config_file_version = 2
services = nss, pam, ssh, autofs
debug_level=1

[domain/MYDOMAIN.ca]
ad_domain = MYDOMAIN.ca
krb5_realm = MYDOMAIN.CA
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
#use_fully_qualified_names = True
override_homedir = /NAS/home/%u
fallback_homedir = /home/%u
access_provider = simple
debug_level=1
ignore_group_members=True
simple_allow_groups = perform_hpc


and output of realm list:

# realm list
MYDOMAIN.ca
  type: kerberos
  realm-name: MYDOMAIN.CA
  domain-name: MYDOMAIN?.ca
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin
  login-formats: %U
  login-policy: allow-permitted-logins
  permitted-logins:
  permitted-groups:





_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]

Reply via email to