Community Articles
Find and share helpful community-sourced technical articles.
Explorer

After a few hours of debugging SSSD and mapping users/groups I wanted to make a post here to try and save someone the pain.

I had SSD configured correctly using the following document:

https://github.com/HortonworksUniversity/Security_Labs#lab-1

What I found by adding debug_level=7 to the sssd.conf file was this cryptic message:

Trying to resolve service 'AD_GC' 

I realized at some point I was firewall'd off to the Active Directory Global Catalog port 3286, once I opened this I can now get the correct groups mapped to my SSSD users.

Hope this saves someone some time in the future!

2,262 Views
Comments
Contributor

Is the port 3286, It should be 3268

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.
Version history
Last update:
‎03-31-2017 06:45 PM
Updated by:
Contributors
Top Kudoed Authors