[Samba] sssd configuration

Lars Hanke debian at lhanke.de
Tue Sep 16 03:40:07 MDT 2014


On 16.09.2014 09:19, Karel Lang AFD wrote:
> I'm not completely sure if this is related to your problem, but when I
> was configuring sssd.conf to look for information at 389 directory
> server I had a problem with the 'id' command not showing the supplementary
> groups of the user.
> The problem was in the combination of 'ldap_schema' and 'ldap_group_member'.
> The 'id' command started working properly when I used a combination of:
> ldap_schema = rfc2307 with ldap_group_member = memberUID
> or
> ldap_schema = rfc2307bis with ldap_group_member = uniquemember
>
> Other combinations were failures.
> Might that have any influence?

I won't exclude that such mapping issues may cause what I see, but at 
least I know there are neither uniqueMember nor memberUID fields in the 
LDAP. Also, it can name the user for PAM and it figures out all groups 
it is a member of. So a mapping issue at least doesn't sound like the 
first place to look.

But this is what I hate with all those authentication systems: a lot of 
obscure errors don't produce any error message and another lot produces 
useless error messages like 'generic authentication failure'. From that 
perspective sssd debug options are really commendable, but apparently 
still not adequately explanatory.

Cheers,
  - lars.

