I've been having issues trying to reconfig AD Auth using realmd/SSSD on a RHEL 7 box; I can't get SSSD to honor my new config.
I want to be able to log in as doublenns instead of doublenns@domain.com and have my homedir automatically get created as /home/doublenns/ instead of /home/doublenns@domain.com/. I've configured SSSD as such:

    # realm list
    domain.com
      type: kerberos
      realm-name: DOMAIN.COM
      domain-name: domain.com
      configured: kerberos-member
      server-software: active-directory
      client-software: sssd
      required-package: oddjob
      required-package: oddjob-mkhomedir
      required-package: sssd
      required-package: adcli
      required-package: samba-common
      login-formats: %U
      login-policy: allow-realm-logins

    # cat /etc/sssd/sssd.conf
    [sssd]
    domains = domain.com
    config_file_version = 2
    services = nss, pam

    [domain/domain.com]
    ad_domain = domain.com
    krb5_realm = DOMAIN.COM
    realmd_tags = manages-system joined-with-adcli
    cache_credentials = True
    id_provider = ad
    krb5_store_password_if_offline = True
    default_shell = /bin/bash
    ldap_id_mapping = True
    use_fully_qualified_names = False
    fallback_homedir = /home/%u
    access_provider = ad

Above I changed the "use_fully_qualified_names" from True to False and set the "fallback_homedir" from "/home/%u%d" to "/home/%u". However, when I do an "id doublenns" I get nada. When I do "id doublenns@domain.com" it returns my user mapping. I've tried restarting SSSD and invalidating all of its cache (systemctl restart sssd.service; sss_cache -E) to no avail.
Is there possibly some other cache that I'm missing?
Edit: I have the default realm directive set as "domain.com" in the krb5.conf Kerberos config file. Additionally, I have used realmd to set up other RHEL 7 boxes, which worked just fine. But this isn't the first time I've run into issues when trying to change how it's configured on an existing system.