[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sssd-users
Subject:    =?utf-8?q?=5BSSSD-users=5D?= Re: SSSD trusted domain in forest
From:       Jakub Hrozek <jhrozek () redhat ! com>
Date:       2017-10-21 18:54:58
Message-ID: 20171021185458.xvheuw37ak5q7tzz () hendrix
[Download RAW message or body]

On Fri, Oct 20, 2017 at 09:39:10PM +0200, Andreas Hauffe wrote:
> Hi,
> 
> I try to configure a client that is member of active directory domain
> s2dom.d1dom.dom.example.com which is a subdomain of d1dom.dom.example.com
> which itself is a subdomain of dom.example.com. Now I try to to login with
> users from user@dom.example.com and user1@s2dom.d1dom.dom.example.com. The
> last one works without problems. But I'm not able to get a
> user@dom.example.com working.
> 
> my sssd.conf
> 
> [sssd]
> services = nss, pam
> config_file_version = 2
> domains = s2dom.d1dom.dom.example.com
> 
> [nss]
> default_shell=/bin/bash
> override_homedir = /home/%u
> 
> [pam]
> 
> [domain/s2dom.d1dom.dom.example.com]
> id_provider = ad
> access_provider = ad
> ldap_schema = ad
> ldap_id_mapping=true
> ldap_idmap_range_min=1000000
> ldap_idmap_range_max=2000000
> ldap_idmap_range_size=1000000
> use_fully_qualified_names = true

Logs are needed, see
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html but as a
general advise I would recommend against touching any of the idmap range
parameters unless you are running a very old (1.12 or older) release of sssd.
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org

[prev in list] [next in list] [prev in thread] [next in thread]