On Fri, 2019-08-30 at 18:52 +0200, Sumit Bose wrote: > > On Fri, Aug 30, 2019 at 04:07:39PM +0000, Joakim Tjernlund wrote: > > Decided to try out 2.2.1 and also gave enumerate a try and got somewhat > > strange results: > > > > sssd # getent group > > cjhfj4j_admins:*:145421: > > .... > > > > No group members ? > > > > > > getent passwd > > Only list linux system users and myself > > Where are the rest of the users ? > > Hi, > > since we typically recommend to not use enumeration it might not get the > required testing. Nevertheless can you send your (sanitized) sssd.conf > so that we can try to reproduce the issue? >
Hi Sumit, here is sanitized sssd.conf [sssd] config_file_version = 2 domains = xxx.com services = nss, pam #debug_level = 0x0fff [nss] fallback_homedir = /home/%u default_shell = /bin/bash #debug_level = 0x0fff enum_cache_timeout = 3600 entry_negative_timeout = 300 [pam] #debug_level = 0x0fff [domain/xxx.com] #debug_level = 0xffff timeout = 30 ad_maximum_machine_account_password_age = 0 ignore_group_members = false ldap_id_mapping = false cache_credentials = true enumerate = true ldap_enumeration_refresh_timeout = 1800 entry_cache_timeout = 3600 refresh_expired_interval = 2700 id_provider = ad auth_provider = ad access_provider = permit chpass_provider = ad ad_server = yyy01.xxx.com,yyy02.xxx.com ad_backup_server = byyy01.xxx.com,byyy.xxx.com dyndns_auth = none dyndns_iface = vpn0, wlan0, eth0 dyndns_update = true dyndns_refresh_interval = 600 dyndns_update_ptr = true dyndns_ttl = 3600 case_sensitive = false ldap_referrals = false ldap_sasl_mech = GSSAPI ldap_schema = rfc2307bis ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true krb5_realm = XXX.COM krb5_canonicalize = true krb5_store_password_if_offline = true krb5_use_kdcinfo = False krb5_renewable_lifetime = 7d krb5_lifetime = 24h krb5_renew_interval = 4h _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
