On 03/20/2015 08:56 PM, McEvoy, James wrote:
When I look at the password entries for my rfc2307 account in Active
directory I get three different answers.
The only correct one is on a server where I used sssd to join AD
directly ( the last one ). Do I need to configure
rfc2307? When I configured the server to join AD directly I use the
option --enablerfc2307bis when I run authconfig.
from a freeipa client:
$ getent passwd [email protected]
[email protected]:*:10001:10004::/home/enas.net/jemcevoy:
from the ipa server:
[root@ipa ~]# getent passwd [email protected]
[email protected]:*:10001:10004:James
McEvoy:/home/enas.net/jemcevoy:/bin/bash
from a server that joined AD directly using sssd:
$ getent passwd [email protected]
jemcevoy:*:10001:10004:James McEvoy:/home/jemcevoy:/bin/bash
Hi,
Let us step back.
What versions of the server and of the client and on what platforms?
When you set trust, how did you set it?
It might be that IPA server did not detect that you have Posix
extensions in AD.
There is some heuristics involved so probably you should use explicit
parameters to tell IPA whether you have posix in AD or not.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
