You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[DATE] [:notice] [pid number] mod_authnz_pam: PAM authentication passed for user aduser@ad.com
[DATE] [:error] [pid number] dbus call GetUserAttr returned value 0 instead of DBUS_TYPE_DICT_ENTRY
Check on spacewalk server:
IPAUSER - works flawlessly
Yes you did, the user requests for AD trusted users are routed through the IPA server, so you need to put the same user_attributes and ldap_user_extra_attrs to the server side's sssd.conf as well.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/3019
Hello!
Found something, can't fix it myself.
Steps to:
From httpd error log:
Check on spacewalk server:
IPAUSER - works flawlessly
ADUSER - not working as aspected
spacewalk sssd config:
Suppose IFP won't work on trusted domains, with additional attributes, only default ones.
Am i missed something in config with IPA and trusts?
Thank you!
Comments
Comment from jhrozek at 2016-05-22 23:04:48
Yes you did, the user requests for AD trusted users are routed through the IPA server, so you need to put the same user_attributes and ldap_user_extra_attrs to the server side's sssd.conf as well.
Comment from jhrozek at 2016-05-22 23:10:38
btw sorry this is not obvious. I'm juggling several things at the moment, but writing this setup up in docs and a blog post is on my todo list..
Comment from jhrozek at 2016-05-23 18:22:19
The reporter confirmed on IRC that adding the attributes to the server side sssd.conf helped. Closing.
resolution: => worksforme
status: new => closed
Comment from doctor at 2017-02-24 14:49:54
Metadata Update from @doctor:
The text was updated successfully, but these errors were encountered: