[Freeipa-users] AD trust relationship is established, but IPA cannot see AD users
Guertin, David S.
guertin at middlebury.edu
Tue Mar 3 17:20:23 UTC 2015
> Can you show us your sssd.conf? When SSSD runs on IPA master it should
> not use extdom (ipa_s2n_exop_send and friends) at all.
Sure, here's my sssd.conf:
[domain/csns.middlebury.edu]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = csns.middlebury.edu
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = ipa1.csns.middlebury.edu
chpass_provider = ipa
ipa_server = ipa1.csns.middlebury.edu
ldap_tls_cacert = /etc/ipa/ca.crt
subdomains_provider = ipa
debug_level = 10
[sssd]
services = nss, sudo, pam, ssh, pac
config_file_version = 2
debug_level = 5
domains = csns.middlebury.edu
[nss]
homedir_substring = /home
debug_level = 5
[pam]
debug_level = 10
[sudo]
debug_level = 5
[autofs]
debug_level = 5
[ssh]
debug_level = 5
[pac]
debug_level = 5
[ifp]
debug_level = 5
David Guertin
More information about the Freeipa-users
mailing list