search for: ldap_group_object_class

...cn=lynn2,cn=Users,dc=hh3,dc=site ldap_default_authtok = xx ldap_default_authtok_type = password ldap_user_object_class = person ldap_user_name = samAccountName ldap_user_uid_number = uidNumber ldap_user_gid_number = gidNumber ldap_user_home_directory = unixHomeDirectory ldap_user_shell = loginShell ldap_group_object_class = group #ldap_user_search_filter =(&(objectCategory=User)(uidNumber=*)) I've tried enumerate = true and it works as expected but strangely, only for the first time after sssd is started. it then returns only local users. Any ideas? Cheers, Steve

...s,dc=xxx,dc=xxx ldap_default_authtok_type = password ldap_default_authtok = xxxxxxxx ldap_schema = rfc2307bis ldap_user_search_base = dc=xx,dc=xx ldap_user_object_class = user ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_group_search_base = dc=xx,dc=xx ldap_group_object_class = group ldap_group_member = memberOf access_provider = simple simple_allow_groups = IT ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true [domain/default] cache_credentials = False

...> > > ldap_schema = rfc2307bis > > > > ldap_user_search_base = dc=xx,dc=xx > > ldap_user_object_class = user > > ldap_user_home_directory = unixHomeDirectory > > ldap_user_principal = userPrincipalName > > ldap_group_search_base = dc=xx,dc=xx > > ldap_group_object_class = group > > ldap_group_member = memberOf > > access_provider = simple > > > > > > > > simple_allow_groups = IT > > > > > > ldap_access_order = expire > > ldap_account_expire_policy = ad > > ldap_force_upper_case_realm = true &gt...

...p_uri = ldap://x.y.143.15, ldap://x.y.143.16 ldap_search_base = dc=samba,dc=merit,dc=unu,dc=edu ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_uid_number = uidNumber ldap_user_gid_number = gidNumber ldap_user_home_directory = unixHomeDirectory ldap_user_shell = loginShell ldap_group_object_class = group ldap_group_name = cn ldap_group_member = member I hope this is enough info, and one of the sssd guru's here can assist. Again: everything worked while dc1 was online, things stopped working when it was taken offline. Kind regards, Mourik Jan

...>> >>>> ldap_user_search_base = dc=xx,dc=xx >>>> ldap_user_object_class = user >>>> ldap_user_home_directory = unixHomeDirectory >>>> ldap_user_principal = userPrincipalName >>>> ldap_group_search_base = dc=xx,dc=xx >>>> ldap_group_object_class = group >>>> ldap_group_member = memberOf >>>> access_provider = simple >>>> >>>> >>>> >>>> simple_allow_groups = IT >>>> >>>> >>>> ldap_access_order = expire >>>> ldap_accou...

...ur.radiodjiido.nc > ldap_search_base = dc=radiodjiido,dc=nc > ldap_user_object_class = user > ldap_user_name = samAccountName > ldap_user_uid_number = uidNumber > ldap_user_gid_number = gidNumber > ldap_user_home_directory = unixHomeDirectory > ldap_user_shell = loginShell > ldap_group_object_class = group > ldap_group_search_base = dc=radiodjiido,dc=nc > ldap_group_name = cn > ldap_group_member = member > ldap_sasl_mech = gssapi > #ldap_sasl_authid = serveur$ > ldap_sasl_authid = serveur$@RADIODJIIDO.NC > krb5_keytab = /etc/krb5.sssd.keytab > ldap_krb5_init_creds = tr...

...rd > ldap_default_authtok = xxxxxxxx > > ldap_schema = rfc2307bis > > ldap_user_search_base = dc=xx,dc=xx > ldap_user_object_class = user > ldap_user_home_directory = unixHomeDirectory > ldap_user_principal = userPrincipalName > ldap_group_search_base = dc=xx,dc=xx > ldap_group_object_class = group > ldap_group_member = memberOf > access_provider = simple > > > > simple_allow_groups = IT > > > ldap_access_order = expire > ldap_account_expire_policy = ad > ldap_force_upper_case_realm = true > [domain/default] > cache_credentials = False >...

...ok_type = password ldap_default_authtok = 5ER3zx:V ldap_schema = rfc2307bis ldap_user_search_base = dc=companydomain,dc=acc ldap_user_object_class = user ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_group_search_base = dc=companydomain,dc=acc ldap_group_object_class = group Can any one please help me to fix the authentication ?? Kind Regards

...ldap_user_uid_number = uidNumber ldap_user_gid_number = gidNumber ldap_user_objectsid = objectSid ldap_user_member_of = memberOf ldap_user_gecos = cn ldap_group_search_base = DC=EXAMPLE,DC=COM?subtree?&(objectclass=group)(gidnumber=*) ldap_group_objectsid = objectSid ldap_group_member = member ldap_group_object_class = group ldap_group_uuid = objectGUID ldap_group_nesting_level = 0 krb5_auth_timeout = 5 krb5_renew_interval = 60 krb5_realm = EXAMPLE.COM krb5_server = ad.example.com ldap_krb5_init_creds = true /etc/nsswitch passwd: files sss shadow: files sss group: files sss initgroups: files ss...

....DOMAIN.COM krb5_server = dc01.auth.domain.com krb5_kpasswd = dc01.auth.domain.com ldap_krb5_keytab = /etc/krb5.sssd.keytab ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_shell = loginShell ldap_group_object_class = group ----------------------------------------------------------------------------------------------------------------- Here is the getfacl on my Folder that I'm trying to get to respect ACL's on for the Macs: getfacl /Groups/Digital\ Magazine/ getfacl: Removing leading '/...

...ne.earth.local ldap_search_base = dc=earth,dc=local dyndns_update=false ldap_id_mapping=false ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_uid_number = uidNumber ldap_user_gid_number = gidNumber ldap_user_home_directory = unixHomeDirectory ldap_user_shell = loginShell ldap_group_object_class = group ldap_group_name = cn ldap_group_member = member Any idea what I am missing? Can I enable some debugging somewhere to see what I am doing wrong? Many thanks in advance. regards, Kenneth P.S.: - OS is Debian Wheezy on a B3 - Samba is 4.1.4 compiled from sernet - BIND 9.8.4-rpz2+rl005.12...

...307bis > > > > > > ldap_user_search_base = dc=xx,dc=xx > > > ldap_user_object_class = user > > > ldap_user_home_directory = unixHomeDirectory > > > ldap_user_principal = userPrincipalName > > > ldap_group_search_base = dc=xx,dc=xx > > > ldap_group_object_class = group > > > ldap_group_member = memberOf > > > access_provider = simple > > > > > > > > > > > > simple_allow_groups = IT > > > > > > > > > ldap_access_order = expire > > > ldap_account_expire_policy = ad &gt...

....DOMAIN.COM krb5_server = dc01.auth.domain.com krb5_kpasswd = dc01.auth.domain.com ldap_krb5_keytab = /etc/krb5.sssd.keytab ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_shell = loginShell ldap_group_object_class = group > > > > ----------------------------------------------------------------------------------------------------------------- > > > Here is the getfacl on my Folder that I'm trying to get to respect ACL's on for the Macs: > > > > getfacl /Groups/Digital\...

....DOMAIN.COM krb5_server = dc01.auth.domain.com krb5_kpasswd = dc01.auth.domain.com ldap_krb5_keytab = /etc/krb5.sssd.keytab ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_shell = loginShell ldap_group_object_class = g roup > > > > ----------------------------------------------------------------------------------------------------------------- > > > Here is the getfacl on my Folder that I'm trying to get to respect ACL's on for the Macs: > > > > getfacl...

...che_credentials = true id_provider = ldap #auth_provider = ldap ldap_schema = rfc2307bis ldap_user_principal = userPrincipalName ldap_user_fullname = displayName ldap_user_name = sAMAccountName ldap_user_object_class = user ldap_user_home_directory = unixHomeDirectory ldap_user_shell = loginShell ldap_group_object_class = group ldap_force_upper_case_realm = True ldap_uri = ldap://192.168.192.50 ldap_search_base = dc=ad,dc=company,dc=com ldap_id_use_start_tls = false ldap_tls_reqcert = never ldap_tls_cacert = /etc/sssd/ca.company.com.crt access_provider = ldap ldap_access_filter = memberOf=cn=ServerAdmins,ou=Gro...