Community Articles

Find and share helpful community-sourced technical articles.
avatar
Rising Star

After a few hours of debugging SSSD and mapping users/groups I wanted to make a post here to try and save someone the pain.

I had SSD configured correctly using the following document:

https://github.com/HortonworksUniversity/Security_Labs#lab-1

What I found by adding debug_level=7 to the sssd.conf file was this cryptic message:

Trying to resolve service 'AD_GC' 

I realized at some point I was firewall'd off to the Active Directory Global Catalog port 3286, once I opened this I can now get the correct groups mapped to my SSSD users.

Hope this saves someone some time in the future!

2,961 Views
Comments
avatar
Rising Star

Is the port 3286, It should be 3268