I'm trying to set up SSSD on a CentOS 7 box to authenticate local AD logins. It's my first time doing this, but I've done quite a bit of trial and error and have limited success:
- Logins work if your RID is low enough
- Group memberships are limited to AD objects with low RIDs (or so it seems, with both of these statements)
It would seem I'd have to adjust ldap_idmap_range_size as explained here:
https://jhrozek.fedorapeople.org/sssd/1.11.90/man/sssd-ad.5.html
If I adjust ldap_idmap_range_size, max, or min to any values but the default - it completely breaks - no SIDs are resolved at all. I've tried at least several dozen different values - double, half, x10 etc - I can't get it to take any value other than the defaults - even values I see other people using when they paste their configs online.
I could post a large log here, but i'm hoping someone has seen this before and that I'm just missing something. Thanks in advance!
[link][16 comments]