1

I'm used to joining Windows 2008 R2 AD with krb5.conf/ldap.conf/smb.conf and pam.d/authconfig_ac and being able to list users with

getent passwd 

but after joining a CentOS 7 system I can log on fine, but I can't see users in AD who are able to log on.

What do I need to look at to fix this? I'm just getting my feet wet on CentOS 7 and used the join realm to join the domain.

3 Answers

3

Your title says you're using sssd. The default here is to avoid enumerating user accounts as it can be very slow.

getent passwd              # lists only local users
getent passwd domain_user  # works as expected

This is described in a FAQ list, and the necessary setting is

[domain/<domainname>]
enumerate = true

added to your sssd.conf file.
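The setting described in the answer above, as an added check that is not part of the original answer: this Python script reads an sssd.conf and reports, for each active domain, whether enumeration is on. The sample config and the domain name example.com are constructed, and only the main file is read (any conf.d snippets are ignored).

```python
import configparser
import sys

# Constructed sample resembling what a realm join writes; example.com is a placeholder.
SAMPLE_SSSD_CONF = """\
[sssd]
domains = example.com
config_file_version = 2
services = nss, pam

[domain/example.com]
id_provider = ad
access_provider = ad
fallback_homedir = /home/%u@%d
"""


def enumerate_status(conf_text):
    """Return {domain: bool} for every domain listed in the [sssd] 'domains' option."""
    # interpolation=None: sssd values such as /home/%u@%d contain a bare '%',
    # which configparser's default interpolation would reject.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    listed = cp.get("sssd", "domains", fallback="")
    active = [d.strip() for d in listed.split(",") if d.strip()]
    status = {}
    for name in active:
        section = "domain/" + name
        # sssd treats a missing 'enumerate' option as false.
        status[name] = (
            cp.getboolean(section, "enumerate", fallback=False)
            if cp.has_section(section)
            else False
        )
    return status


if __name__ == "__main__":
    # With no argument the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SSSD_CONF
    for domain, enabled in enumerate_status(text).items():
        if enabled:
            print(f"{domain}: enumerate = true, 'getent passwd' lists domain users")
        else:
            print(f"{domain}: enumerate off, only 'getent passwd <user>' resolves")
```

Pass the path of a real file as the first argument; reading /etc/sssd/sssd.conf needs root because sssd expects that file to be readable by root only. With enumeration on, any local user can list every directory account through getent passwd, so enable it only on hosts where that listing is needed.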

0

There has to be a trust relationship between AD and your CentOS server. I would start there, check if AD is actually allowing you to make that query from the CentOS server.

0

Go to /var/lib/sss/gpo_cache and check that you have GPOs being cached. Match the IDs to current GPOs and you'll start to see who is allowed.

Note that SSH access is controlled by Terminal Services GPO.
