[prev in list] [next in list] [prev in thread] [next in thread]
List: sssd-users
Subject: =?utf-8?q?=5BSSSD-users=5D?= Re: SSSD trusted domain in forest
From: Jakub Hrozek <jhrozek () redhat ! com>
Date: 2017-10-21 18:54:58
Message-ID: 20171021185458.xvheuw37ak5q7tzz () hendrix
[Download RAW message or body]
On Fri, Oct 20, 2017 at 09:39:10PM +0200, Andreas Hauffe wrote:
> Hi,
>
> I try to configure a client that is member of active directory domain
> s2dom.d1dom.dom.example.com which is a subdomain of d1dom.dom.example.com
> which itself is a subdomain of dom.example.com. Now I try to to login with
> users from user@dom.example.com and user1@s2dom.d1dom.dom.example.com. The
> last one works without problems. But I'm not able to get a
> user@dom.example.com working.
>
> my sssd.conf
>
> [sssd]
> services = nss, pam
> config_file_version = 2
> domains = s2dom.d1dom.dom.example.com
>
> [nss]
> default_shell=/bin/bash
> override_homedir = /home/%u
>
> [pam]
>
> [domain/s2dom.d1dom.dom.example.com]
> id_provider = ad
> access_provider = ad
> ldap_schema = ad
> ldap_id_mapping=true
> ldap_idmap_range_min=1000000
> ldap_idmap_range_max=2000000
> ldap_idmap_range_size=1000000
> use_fully_qualified_names = true
Logs are needed, see
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html but as a
general advise I would recommend against touching any of the idmap range
parameters unless you are running a very old (1.12 or older) release of sssd.
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic