On Tue, Jun 18, 2019 at 06:57:14PM +0000, Thomas Beaudry wrote: > Hi Guys, > > > i have 2 Ubuntu 16.04 servers that have their users run by AD. The sssd.conf > and output of "realm list" is identical for both servers. However, one of > them can't seem to find the AD users, so ssh fails. I tried doing id <user> > and getent passwd <user> and it doesn't find them. > > > Do you know what the issue might be?
Not without logs, see: https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html > > > Thanks, > > Thomas > > > Here is my sssd.conf: > > > # cat /etc/sssd/sssd.conf > [autofs] > debug_level=1 > > [krb5] > debug_level=1 > > [nss] > filter_groups = root > filter_users = root > reconnection_retries = 3 > > [pam] > reconnection_retries = 3 > debug_level=1 > > [sssd] > domains = MYDOMAIN.ca > config_file_version = 2 > services = nss, pam, ssh, autofs > debug_level=1 > > [domain/MYDOMAIN.ca] > ad_domain = MYDOMAIN.ca > krb5_realm = MYDOMAIN.CA > realmd_tags = manages-system joined-with-adcli > cache_credentials = True > id_provider = ad > krb5_store_password_if_offline = True > default_shell = /bin/bash > ldap_id_mapping = True > #use_fully_qualified_names = True > override_homedir = /NAS/home/%u > fallback_homedir = /home/%u > access_provider = simple > debug_level=1 > ignore_group_members=True > simple_allow_groups = perform_hpc > > > and output of realm list: > > # realm list > MYDOMAIN.ca > type: kerberos > realm-name: MYDOMAIN.CA > domain-name: MYDOMAIN?.ca > configured: kerberos-member > server-software: active-directory > client-software: sssd > required-package: sssd-tools > required-package: sssd > required-package: libnss-sss > required-package: libpam-sss > required-package: adcli > required-package: samba-common-bin > login-formats: %U > login-policy: allow-permitted-logins > permitted-logins: > permitted-groups: > > > > > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
