Hi All,
I'm using sssd to authenticate users from AD and generally this works fine.
However, I have one server that frequently can't resolve AD users:
[root@HOST ~]# id [email protected]
id: [email protected]: no such user
or:
[aduser@HOST ~]# crontab -l
crontab: your UID isn't in the passwd file.
bailing out.
Around that time I see errors like this in the log:
[sssd[be[domain.com]]] [sdap_get_generic_op_finished] (0x0400): Search result:
Referral(10), 0000202B: RefErr: DSID-03100781, data 0, 1 access points
ref 1: 'Domain.com'
After a view minutes it works again.
What puzzles me is that I have 2 other servers with the same config using that
same user which don't have any problem.
I'm running sssd- 1.16.4. 21.el7_7.1 on CentOS Linux release 7.7.1908 (Core)
This is my sssd.conf:
[sssd]
debug_level=9
sbus_timeout = 30
reconnection_retries = 3
services = nss, pam
config_file_version = 2
domains = domain.com
[pam]
debug_level=9
pam_verbosity = 3
reconnection_retries = 3
[nss]
debug_level=9
reconnection_retries = 3
[domain/domain.com]
debug_level=9
ad_site = SITE
use_fully_qualified_names = true
override_homedir = /home/%u
dyndns_update = false
ldap_schema = ad
id_provider = ad
ad_enabled_domains = sub.domain.com, domain.com
ad_gpo_access_control = disabled
case_sensitive = true
cache_credentials = true
min_id = 1000
ldap_id_mapping = False
ldap_group_nesting_level = 4
ldap_user_primary_group = gidNumber
ad_hostname = host.domain.com
ignore_group_members = TRUE
access_provider = simple
simple_allow_groups =
[email protected],[email protected],[email protected]
Thank you,
Christoph
DISCLAIMER
The content of this email and any files transmitted with it may be confidential
and intended solely for the use of the individual named. If you have received
this email in error please let us know and delete the content from your system.
You may NOT copy or disclose the information to anyone. We do not accept any
liability if this email is used for an alternative purpose from which it is
intended, nor to any third party in respect thereof. The sender does not accept
liability for any errors or omissions in the contents of this message, which
arise as a result of e-mail transmission.
Unless we have agreed otherwise in writing, Sony DADC’s Standard Terms and
Conditions of Business will apply to any services and-or
disc/home-entertainment related products we provide to you, our Consumer Sales
General Conditions will apply to any consumer electronics products we supply to
you and our General Conditions of Purchase will apply to any goods and/or
services we purchase from you.
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
