I'm running into a frustrating problem with SSSD:
I'd like to bring AD integration of CentOS 7.X boxes into production using SSSD. On several test boxes (joined to AD using the realm command) everything seems to work fine at first (GUI login, SSH login). But all of a sudden login kind of fails for some (but not for all) test users (failing users no longer have their home directory set properly, $HOME=/). Home directories (path = /home/groupname/username) are mounted from an NFS server and accessible. The home dir path is set in the AD attribute "unixHomeDirectory".
Stopping sssd, clearing the cache (sss_cache -E) and then starting sssd again usually solves the problem for a short time (1 - 20 logins), but then the annoying problem reappears. Thought it might help to disable caching of credentials... nope.
Any hints are highly appreciated!
Thanks, Stefan
Here's the sssd.conf file:
[sssd]
domains = my.domain.com
config_file_version = 2
services = nss, pam
#services = nss, pam, ssh, autofs
[domain/my.domain.com]
debug_level = 2
ad_domain = my.domain.com
krb5_realm = MY.DOMAIN.COM
realmd_tags = joined-with-samba
id_provider = ad
#cache_credentials = True
cache_credentials = False
krb5_store_password_if_offline = False
#krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
#fallback_homedir = /home/group1/%u
access_provider = simple
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName