Stephen Gallagher wrote:
> Michael, please post your [sanitized] sssd.conf somewhere. Right now, my
> best guess would be that you are using LDAPS or LDAP+TLS and are having
> a certificate error.

Yes, I don't have a CA cert, so it will not pass a cert test. I have "tls_checkpeer no" in my /etc/ldap.conf. Is there something similar for sssd? I could not find it in the man pages.

[domain/default]
auth_provider = ldap
cache_credentials = True
ldap_search_base = dc=domain,dc=com
krb5_realm = EXAMPLE.COM
chpass_provider = ldap
id_provider = ldap
ldap_id_use_start_tls = True
debug_level = 0
min_id = 1000
ldap_uri = ldap://intranet.domain.com/
krb5_kdcip = kerberos.example.com
ldap_tls_cacertdir = /etc/openldap/cacerts

>
> My second-best guess is that your users' UID or primary GID is < 1000,
> which is ignored by SSSD by default. (We've decided upstream that we're
> going to change this default to 1, as so many people have hit it).

I do have a few > 500 and < 1000 users, but I tested against UIDs of > 1000 and getent failed for them as well.
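An added example, not part of the original message and not SSSD project code: a small Python check run over the posted [domain/default] section that reports which settings match the two guesses discussed in the thread. It assumes the sssd-ldap option ldap_tls_reqcert (absent from the posted config, default "hard"); the function name, finding labels and sample UIDs are hypothetical.

```python
import configparser

# The [domain/default] section as posted in the message above.
POSTED = """\
[domain/default]
auth_provider = ldap
cache_credentials = True
ldap_search_base = dc=domain,dc=com
krb5_realm = EXAMPLE.COM
chpass_provider = ldap
id_provider = ldap
ldap_id_use_start_tls = True
debug_level = 0
min_id = 1000
ldap_uri = ldap://intranet.domain.com/
krb5_kdcip = kerberos.example.com
ldap_tls_cacertdir = /etc/openldap/cacerts
"""

def audit_domain(conf_text, uids=(), section="domain/default"):
    """Return labels (hypothetical names) for settings that can hide users."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    dom = cp[section]
    findings = []

    # TLS is in play with StartTLS for identity lookups or an ldaps:// URI.
    uri = dom.get("ldap_uri", "").lower()
    tls = dom.getboolean("ldap_id_use_start_tls", fallback=False) or uri.startswith("ldaps://")
    # ldap_tls_reqcert is absent from the posted config; sssd-ldap defaults to "hard".
    reqcert = dom.get("ldap_tls_reqcert", "hard").lower()
    if tls and reqcert in ("never", "allow"):
        # Lookups work, but the directory server is not authenticated.
        findings.append("tls-verify-disabled")
    elif tls:
        # An unverifiable server certificate ends the session: the CA
        # certificate has to be present under ldap_tls_cacertdir.
        findings.append("tls-verify-enforced")

    # SSSD ignores entries whose UID is below min_id. The fallback of 1 is an
    # assumption; the posted config sets min_id explicitly.
    min_id = dom.getint("min_id", fallback=1)
    findings += [f"uid-filtered:{u}" for u in uids if u < min_id]
    return findings

if __name__ == "__main__":
    # UIDs are constructed samples: one in the 500-999 range, one above 1000.
    print(audit_domain(POSTED, uids=(750, 1500)))
```

With verification enforced, installing the directory server's CA certificate under ldap_tls_cacertdir keeps lookups working without leaving the server unauthenticated.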