On Mon, Jul 19, 2021 at 2:34 PM Steve Traylen <[email protected]> wrote: > > sssd-2.5.1-2.el8 > > With a files domain and an ldap domain in simplified form below then all > works well for me and passwd files are checked and win > before ldap entries. > > However as soon as `default_domain_suffix = mydomain.ch` is added then all > the password entries never match > since it is presumably looking up `<username>@mydomain.ch`.
If you don't have any specific reason to use SSSD' "files domain", you can just disable it and let libnss_files.so handle local users: - sssd.conf: enable_files_domain=false - /etc/nsswitch.conf: change order to "files sss ..." in passwd/groups > While I can understand that this may make sense is there a way > forward to continue to look up in shadowutils domain by username only. > > I am unsure of default_domain_suffix only appends the suffix or actually > forces the lookup to only happen to the mydomain.ch ldap domain. > > ``` > [sssd] > domains = shadowutils, mydomain.ch > > [domain/shadowutils] > id_provider = files > > full_name_format = %1$s > > auth_provider = proxy > proxy_pam_target = sssd-shadowutils > > proxy_fast_alias = True > > [domain/mydomain.ch] > id_provider = ldap > full_name_format = %1$s > ``` > Many Thanks > > Steve Traylen. > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
