Am Wed, Nov 23, 2022 at 03:55:25PM +0100 schrieb Francis Augusto Medeiros-Logeay: ... > >> > >> Here it is: > >> > >> userPrincipalName: francis > > > > Hi, > > > > ok, this explains the failure. It is expected that the attribute value > > is '[email protected]', see e.g. > > https://learn.microsoft.com/en-us/windows/win32/adschema/a-userprincipalname > > and > > https://learn.microsoft.com/en-us/windows/win32/ad/naming-properties#userprincipalname > > > > I guess the name was added manually, because if you use the AD tools a > > suitable domain name should be added automatically. Is there a reason > > the name was added in this format? > > > > If possible I would suggest to either remove the attribute completely or > > replace the value with a one in the '[email protected]' format where > > 'domain.name' is wither the name of the AD domain the user is coming > > from or a suitable alternative domain suffix if those are defined in > > your AD environment. > > > > bye, > > Sumit > > Hi Sumit, > > We are fixing that. But we changed the userPrincipalName to [email protected] > <mailto:[email protected]>, and still have errors no matter with or without > ldap_user_principal, the latter testet with nosuchattribute and with > userPrincipalName. It only works with krb5_validate = false. > > We get `No mapping for: [email protected] > <mailto:[email protected]>` on the logs.
Hi, this messages is expected, it means that are are no explicit mappings for the user name to a Kerberos principal with the krb5_map_user option in sssd.conf. Please, if possible, send the full log together with krb5_child.log and sssd_pac.log if those files have some content. bye, Sumit > > Best, > Francis > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
