I'm running into a frustrating problem with SSSD:
I'd like to bring AD integration of CentOS 7.X boxes into production using SSSD. On several test boxes (joined to AD using the realm command) everything seems to work fine at first (GUI login, SSH login). But all of a sudden login kind of fails for some (but not for all) test users (failing users no longer have their home directory set properly, $HOME = /). Home directories (path = /home/groupname/username) are mounted from an NFS server and accessible. The home dir path is set in the AD attribute "unixHomeDirectory".
Stopping sssd, clearing sss_cache (sss_cache -E) and then starting sssd again usually solves the problem for a short time (1 - 20 logins) but the annoying problem reappears. Thought it might help to disable caching of credentials... nope.
Any hints are highly appreciated!
Here's the sssd.conf file:
[sssd]
domains = my.domain.com
config_file_version = 2
services = nss, pam
#services = nss, pam, ssh, autofs

[domain/my.domain.com]
debug_level = 2
ad_domain = my.domain.com
krb5_realm = MY.DOMAIN.COM
realmd_tags = joined-with-samba
id_provider = ad
#cache_credentials = True
cache_credentials = False
krb5_store_password_if_offline = False
#krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
#fallback_homedir = /home/group1/%u
access_provider = simple
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName