On Fri, Aug 26, 2016 at 08:39:05AM -0400, William Muriithi wrote: > Morning > > I have been struggling with nfsidmap issue for a couple of days and > wouldn't mind a fresh eyes. > > Essentially, I have a FreeIPA that has a trust relationship with AD. > The AD is on domain example-corp.example.com while FreeIPA manages > eng.example.com. The problem is, when I login using AD account, the > nfsidmap seem to think I am on the FreeIPA account. I have changed > the idnapd.conf to use AD domain but that doesn't help. > > vi /etc/idmapd.conf > > Domain = example-corp.example.com
Which translation method do you use? SSSD provides an own method which should be more flexible than the default ones, see iman sss_rpcidmapd for details. HTH bye, Sumit > > > > [william@cacti ~]$ ssh 'william@example-corp'@platinum.eng.example.com > > william@[email protected]'s password: > > Last login: Tue Aug 23 11:45:33 2016 from 192.168.20.28 > > [[email protected]@platinum ~]$ env | grep USER > > [email protected] > > [[email protected]@platinum ~]$ su > > Password: > > [root@platinum william]# tail /var/log/messages > > Aug 26 08:18:13 platinum nfsidmap[17780]: nss_getpwnam: name > '[email protected]' does not map into domain > 'example-corp.example.com' > > Aug 26 08:18:13 platinum nfsidmap[17784]: nss_getpwnam: name > '[email protected]' does not map into domain > 'example-corp.example.com' > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
