There is a redundant domain name in the username format, as seen in /var/log/messages (see below):
Apr 10 01:39:38 ark-centos7-ker rpc.idmapd[659]: Server : (user) id "1712439536" -> name "qa1@qa.arkivio.com@qa.arkivio.com"
ubuntu16 is joined with winbind, using the net ads join command.
[sssd]
# sssd.conf for the AD domain qa.arkivio.com (id/auth/access providers are all "ad").
# The keys down to [nss] are [sssd]-section options; that section header precedes this listing.
# sssd expects this file to be owned by root and not readable by other users.
#working on centos7 2016-12-14,integrated netapp sssd.conf contents
#it's valid since 2018-3-4
config_file_version = 2
#services = nss, pam, pac, ssh, ifp
# Responders started by sssd: name service, PAM and sudo rules.
services = nss, pam, sudo
#domains = QA
# Must match the [domain/...] section name below.
domains = qa.arkivio.com
#debug_level = 0 - Set this to troubleshoot; 0-10 are valid values
#debug_level = 0
# Very verbose troubleshooting level. Debug logs at this level record detailed
# identity and authentication activity; lower it again once the problem is
# diagnosed and keep the log directory readable by root only.
debug_level = 9
#ldap_sasl_authid = host/ark-centos-smb4.qa.arkivio.com@QA.ARKIVIO.COM
# The following was added on 20180312 to make nfs4_setfacl work.
# Names given without a domain part are treated as belonging to this domain.
default_domain_suffix = qa.arkivio.com
[nss]
#filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
# Never look up root via sssd, so the root user and group always come from
# the local files.
filter_groups = root
filter_users = root
# How many times the responder tries to reconnect to the data provider.
reconnection_retries = 3
[pam]
reconnection_retries = 3
[domain/qa.arkivio.com]
#ad_domain = qa.arkivio.com
#krb5_realm = QA.ARKIVIO.COM
realmd_tags = manages-system joined-with-samba
# Keeps a hash of each user's credentials in the local cache so logins work
# while AD is unreachable. No offline_credentials_expiration is set in [pam]
# here, so cached logins presumably never expire - confirm that is intended.
cache_credentials = True
id_provider = ad
#krb5_store_password_if_offline = True
default_shell = /bin/bash
# UIDs/GIDs are derived from the AD SID instead of POSIX attributes stored in AD.
ldap_id_mapping = True
# Users and groups are returned as name@domain.
# NOTE(review): the rpc.idmapd message "qa1@qa.arkivio.com@qa.arkivio.com" is
# consistent with idmapd appending its own domain to a name that sssd has
# already qualified. Likely candidates to check: this option (False on NFSv4
# hosts) or using the sss plugin as the idmapd.conf method - confirm against
# /etc/idmapd.conf, which is not shown here.
use_fully_qualified_names = True
# %u is the login name, %d the domain name.
fallback_homedir = /home/%u@%d
# NOTE(review): no ad_access_filter is set in this section, so every
# non-expired account in the domain is presumably allowed to log in (subject
# to GPO handling) - restrict access if this host should not be open to all
# domain users.
access_provider = ad
#following added on 20180315
auth_provider = ad
Here is its smb.conf:
I believe NFSv4 should use the user format qa1@qa.arkivio.com rather than qa1@qa.arkivio.com@qa.arkivio.com. Any idea what is missing here?
[global]
# smb.conf [global] options for a host joined to AD as a domain member
# (security = ADS); the [global] header precedes this listing.
workgroup = QA
# Kerberos tickets are verified against secrets.tdb first, then the system keytab.
kerberos method = secrets and keytab
security = ADS
realm = QA.ARKIVIO.COM
encrypt passwords = yes
# One log file per connecting client machine (%m).
log file = /var/log/samba/%m.log
# Verbose troubleshooting level; lower it once debugging is finished, as the
# logs grow quickly and record detailed client and authentication activity.
log level = 4
netbios name = UBUNTUB
# NOTE(review): rid is configured here for the default domain "*". Samba's
# idmap_rid documentation describes rid as a per-domain backend, with "*"
# using an allocating backend such as tdb - confirm this is supported on the
# installed Samba version.
idmap config *:backend = rid
# IDs handed out by winbind fall in this range. The uid 1712439536 in the
# idmapd log line is outside it, so that id presumably came from sssd's
# mapping rather than winbind - hosts sharing NFSv4 data need consistent IDs.
idmap config *:range = 5000-100000
allow trusted domains = yes
winbind trusted domains only = no
# Names are returned with the domain prefix rather than as bare usernames.
winbind use default domain = no
#winbind enum users = yes
# Group enumeration can be slow in large domains.
winbind enum groups = yes
# winbind renews Kerberos tickets obtained at login.
winbind refresh tickets = yes
template shell = /bin/bash
thanks