Hi!

I've set up samba4 as ad-dc -- worked right away. Exported the keytab. "klist -ke" looks good:

    Keytab name: FILE:/etc/krb5.keytab
    KVNO Principal
    ---- --------------------------------------------------------------------------
       1 [email protected] (aes256-cts-hmac-sha1-96)
       1 [email protected] (aes128-cts-hmac-sha1-96)
       1 [email protected] (arcfour-hmac)
       1 [email protected] (etype 3)
       1 [email protected] (etype 1)
       1 [email protected] (aes256-cts-hmac-sha1-96)
       1 [email protected] (aes128-cts-hmac-sha1-96)
       1 [email protected] (arcfour-hmac)
       1 [email protected] (etype 3)
       1 [email protected] (etype 1)
       1 [email protected] (aes256-cts-hmac-sha1-96)
       1 [email protected] (aes128-cts-hmac-sha1-96)
       1 [email protected] (arcfour-hmac)
       1 [email protected] (etype 3)
       1 [email protected] (etype 1)

Checked kinit with the server's name:

    # kinit -k AD01\[email protected]
    # klist
    Ticketzwischenspeicher: FILE:/tmp/krb5cc_0
    Standard-Principal: [email protected]

    Valid starting       Expires              Service principal
    25.10.2019 19:00:20  26.10.2019 05:00:20  krbtgt/[email protected]
            erneuern bis 01.11.2019 18:00:20

looks good too. Then configured sssd:

    [sssd]
    config_file_version = 2
    reconnection_retries = 3
    sbus_timeout = 30
    services = nss, pam, pac
    domains = ADA.DE
    #debug_level = 0x0270

    [domain/ADA.DE]
    enumerate = true
    cache_credentials = true
    id_provider = ad
    auth_provider = ad
    sudo_provider = none
    chpass_provider = ad
    access_provider = ad
    ad_server = ad01.ada.de, ad02.ada.de
    ad_maximum_machine_account_password_age = 30
    ldap_id_mapping = false
    use_fully_qualified_names = false
    fallback_homedir = /home/%d/%u
    fallback_shell = /bin/bash
    skel_dir = /etc/skel
    ldap_schema = ad
    dyndns_update = false
    dyndns_refresh_interval = 43200
    dyndns_update_ptr = false
    dyndns_ttl = 3600
    debug_level = 0x0270

    [nss]
    filter_groups = root
    filter_users = root
    reconnection_retries = 3
    #debug_level = 0x0270

    [pam]
    reconnection_retries = 3
    #debug_level = 0x0270

    [pac]
    reconnection_retries = 3
    #debug_level = 0x0270

Then tried:

    # getent passwd [email protected]
    #

and got nothing. Any idea anyone?

--
Thomas
_______________________________________________
sssd-users mailing list -- [email protected]
