09-22-2014, 10:25 PM   #1
abhi001neo
SSSD response inconsistent with Active Directory


We have integrated SUSE Linux (version 11 Patch level 2) with Microsoft Active Directory (AD) using the SSSD utility (version 1.5.11) to facilitate the AD users and groups on the Linux host. We have added "sss" as a source for "passwd", "group" and "shadow" within the "/etc/nsswitch.conf" file.

We are facing some inconsistency issues with SSSD while fetching the user/group information through the "id" command. It appears that we are facing this inconsistency only while SSSD interacts with a domain controller running Windows Server 2008 R2, and not while SSSD is interacting with a Windows Server 2003 R2 based domain controller.
Please find the response/output from the Linux host (terminal) below:

1) For Windows Server 2008 R2 based Domain Controller
controller@indelappvm02:~> id user_hadoop_3001
uid=2763510(user_hadoop_3001) gid=100513(Domain Users) groups=100513(Domain Users),2816151(Mygroups-hadoop-GED_KPI),2115887,2812298(Mygroups-hadoop-DAS_ANALYST),2812208(Mygroups-hadoop-CV_US),2809985(Mygroups-hadoop-DB_TICKET),2816149(Mygroups-hadoop-TLM),2827118(Mygroups-hadoop-DAS_ALL),2819228(Mygroups-hadoop-IMAGINE_GED_LON),2820642(Mygroups-hadoop-IMHOTEP),2812212(Mygroups-hadoop-OPEX),2024985,2356240,2358411,2100126,2115932,2099968,2337579,1743308,1463380,2100236,1881724,1707456


2) For Windows Server 2003 R2 based Domain Controller
controller@indelappvm02:~> id user_hadoop_3001
uid=2763510(user_hadoop_3001) gid=100513(Domain Users) groups=100513(Domain Users),2816151(Mygroups-hadoop-GED_KPI),2812208(Mygroups-hadoop-CV_US),2819228(Mygroups-hadoop-IMAGINE_GED_LON),2827118(Mygroups-hadoop-DAS_ALL),2812298(Mygroups-hadoop-DAS_ANALYST),2809985(Mygroups-hadoop-DB_TICKET),2816149(Mygroups-hadoop-TLM),2820642(Mygroups-hadoop-IMHOTEP),2812212(Mygroups-hadoop-OPEX)


Below is the configuration of /etc/sssd/sssd.conf

##############################################################
[sssd]
debug_level = 5
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 10
services = nss,pam
domains = mytest

[nss]
debug_level = 5
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 300
entry_cache_nowait_percentage = 75

[pam]
debug_level = 0
reconnection_retries = 3
offline_credentials_expiration = 0
offline_failed_login_attempts = 0
offline_failed_login_delay = 5

[domain/local]
id_provider = local
min_id = 1
max_id = 499
enumerate = False

[domain/mytest]
debug_level = 9
description = Kerberos 5 domain with Active Directory servers
id_provider = ldap
auth_provider = krb5
access_provider = ldap
min_id = 500
enumerate = False
timeout = 10
cache_credentials = True
entry_cache_timeout = 300
krb5_canonicalize = False

# General -----------------------
# LDAP
ldap_uri = ldap://inddelvm25.mytest.com
ldap_default_authtok_type = password
ldap_default_bind_dn = linux@mytest.com
ldap_default_authtok = *******

ldap_id_mapping = True
ldap_user_objectsid = objectSid
ldap_idmap_range_min = 100000
ldap_idmap_range_max = 2000100000
ldap_idmap_range_size = 2000000000

ldap_access_filter = (cn=*)
ldap_user_search_base = DC=mytest,DC=com
ldap_group_search_base = DC=mytest,DC=com?subtree?(|(CN=Mygroups-hadoop-*)(CN=Domain Users))
ldap_referrals = False
ldap_search_timeout = 20
ldap_network_timeout = 20

# KRB5
chpass_provider = krb5
ldap_force_upper_case_realm = True
krb5_server = inddelvm25.mytest.com
krb5_realm = mytest.com
krb5_store_password_if_offline = True
krb5_auth_timeout = 15

# Mapping --------------------
ldap_schema = ad
ldap_user_object_class = user
ldap_group_object_class = group
ldap_user_name = sAMAccountName
ldap_group_name = sAMAccountName
ldap_id_use_start_tls = False
krb5_kdcip = inddelvm25.mytest.com

##############################################################

Can somebody suggest how we can make SSSD work with a Windows Server 2008 R2 based domain controller?
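
A way to pin down the difference between the two `id` outputs above, as an added example that is not part of the original post: it parses the `groups=` field and lists the GIDs that appear without a name only in the 2008 R2 result. The sample strings are abridged from the post; `gid_to_rid` is a hypothetical helper that assumes a single ID-mapping slice (GID = `ldap_idmap_range_min` + RID), which matches Domain Users showing as 100513 with the well-known RID 513.

```python
import re

# Abridged from the two `id user_hadoop_3001` outputs in the post above.
ID_VIA_2008R2 = (
    "uid=2763510(user_hadoop_3001) gid=100513(Domain Users) "
    "groups=100513(Domain Users),2816151(Mygroups-hadoop-GED_KPI),2115887,"
    "2812298(Mygroups-hadoop-DAS_ANALYST),2812208(Mygroups-hadoop-CV_US),"
    "2024985,2356240"
)
ID_VIA_2003R2 = (
    "uid=2763510(user_hadoop_3001) gid=100513(Domain Users) "
    "groups=100513(Domain Users),2816151(Mygroups-hadoop-GED_KPI),"
    "2812208(Mygroups-hadoop-CV_US),2812298(Mygroups-hadoop-DAS_ANALYST)"
)

# One groups= entry: a GID, optionally followed by "(name)". Names may hold
# spaces or commas ("Domain Users"), so splitting on "," is not safe.
ENTRY = re.compile(r"(\d+)(?:\(([^()]*)\))?")


def parse_groups(id_output):
    """Return {gid: name or None} from the groups= field of `id` output."""
    start = id_output.find("groups=")
    if start < 0:
        raise ValueError("no groups= field in id output")
    pos, groups = start + len("groups="), {}
    while True:
        entry = ENTRY.match(id_output, pos)
        if entry is None:
            break
        groups[int(entry.group(1))] = entry.group(2)
        pos = entry.end()
        if id_output[pos:pos + 1] != ",":
            break  # end of list (or a trailing field such as context=)
        pos += 1
    return groups


def unresolved_extra(suspect, baseline):
    """GIDs listed without a name in `suspect` and absent from `baseline`."""
    base = parse_groups(baseline)
    return sorted(gid for gid, name in parse_groups(suspect).items()
                  if name is None and gid not in base)


def gid_to_rid(gid, range_min=100000):
    """Assumption: one ID-mapping slice, so GID = ldap_idmap_range_min + RID."""
    return gid - range_min
```

Calling `unresolved_extra(ID_VIA_2008R2, ID_VIA_2003R2)` and passing each result through `gid_to_rid` gives RIDs that can be matched against `objectSid` values in AD to identify the groups that show up only through the 2008 R2 controller.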