[Freeipa-users] AD integration: Could not convert objectSID to a UNIX ID

Guertin, David S. guertin at middlebury.edu
Tue Mar 17 17:02:15 UTC 2015


> When you changed idrange, it helps to remove SSSD cache, both on IPA
> master and IPA clients and restart SSSD.

OK, I cleared the cache and restarted sssd with:

sss_cache -E
systemctl restart sssd

Still no change in the error: Could not convert objectSID [S-1-5-21-1983215674-46037090-646806464-245906] to a UNIX ID

FWIW, here's my sssd.conf:

[domain/csns.middlebury.edu]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = csns.middlebury.edu
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = genet.csns.middlebury.edu
chpass_provider = ipa
ipa_server = genet.csns.middlebury.edu
ipa_server_mode = True
ldap_tls_cacert = /etc/ipa/ca.crt

[domain/middlebury.edu]
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
debug_level = 10

[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2
domains = middlebury.edu,csns.middlebury.edu
debug_level = 10

[nss]
homedir_substring = /home

[pam]

[sudo]

[autofs]

[ssh]
#debug_level = 10

[pac]

[ifp]

This is RHEL 7 running sssd-1.12.2 and ipa-server-4.1.0.

Thanks for any suggestions.

David Guertin
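
Added example, not part of the original post or of SSSD/FreeIPA code: a sketch of the algorithmic SID-to-UNIX-ID mapping used for a trust ID range, to show why a RID outside the range leaves the objectSID unconvertible. It assumes the mapping is base ID + (RID - base RID), valid only while the offset is below the range size; the range values are constructed, and only the SID comes from the error message above.

```python
import re

# Domain account SIDs look like S-1-5-21-<a>-<b>-<c>-<RID>.
SID_RE = re.compile(r"^S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)$")


def split_sid(sid):
    """Return (domain_sid, rid) for a domain user or group SID."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError("not a domain SID: %r" % sid)
    domain_sid = "S-1-5-21-%s-%s-%s" % m.group(1, 2, 3)
    return domain_sid, int(m.group(4))


def sid_to_unix_id(sid, ranges):
    """Map a SID to a UNIX ID, or return None if no range covers its RID."""
    domain_sid, rid = split_sid(sid)
    for r in ranges:
        if r["domain_sid"] != domain_sid:
            continue  # range belongs to a different trusted domain
        offset = rid - r["base_rid"]
        if 0 <= offset < r["size"]:
            return r["base_id"] + offset
    return None  # the case reported as "Could not convert objectSID"


# SID taken from the error message in the post.
SID = "S-1-5-21-1983215674-46037090-646806464-245906"
DOMAIN_SID = "S-1-5-21-1983215674-46037090-646806464"

# Constructed ranges (assumed values, not taken from the post).
NARROW = {"domain_sid": DOMAIN_SID, "base_id": 1000000000,
          "base_rid": 0, "size": 200000}
WIDE = {"domain_sid": DOMAIN_SID, "base_id": 1000000000,
        "base_rid": 0, "size": 400000}

if __name__ == "__main__":
    print("RID:", split_sid(SID)[1])
    print("narrow range ->", sid_to_unix_id(SID, [NARROW]))
    print("wide range   ->", sid_to_unix_id(SID, [WIDE]))
```

To apply the same check to a real deployment, compare the RID with the base RID and range size reported by `ipa idrange-find`.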



