SSSD with AD - No such user
Posted: 2015/11/30 21:44:29
Dear all,
I am new to SSSD and would like to use it to authenticate Windows AD users on our Linux (CentOS 7) machine. After successfully joining the Linux machine to the Windows Active Directory using "realm join mydomain -U domainadminuser", I am able to see the computer account built in AD.
Difficulties:
I am experiencing some difficulties with user identification. After joining the domain successfully, on the Linux machine, I tried to use the command “id” to identify the domain users but failed. And of course, it won’t let me “ssh” into the system with the AD accounts. Please help.
BTW, from Linux, it can ping / find the DC, and I have tried disabling firewalld on the Linux machine to ensure there is no blocking issue from the Linux end, but no luck.
# id domainuser@mydomain
id: domainuser@mydomain: no such user
Here is the output from "realm list":
[tigeruser@linux etc]# sudo realm list
mydomain
type: kerberos
realm-name: MYDOMAIN
domain-name: mydomain
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common
login-formats: %U@mydomain
login-policy: allow-realm-logins