Is 'enumeration' supported in IPA-AD trust setups/environments?
Issue
- Is
enumeration
supported in IPA-AD trust scenarios? -
Unable to enumerate all AD accounts on IPA server or client in IPA-AD trust environment even if sssd.conf is configured with
# cat /etc/sssd/sssd.conf | grep enumerate enumerate = True subdomain_enumerate = True
-
Unable to enumerate all AD users on IPA server or client in IPA-AD trust environment, following errors are logged in sssd_nss.log:
sssd_nss.log:(Fri Aug 24 17:11:58 2018) [sssd[nss]] [cache_req_validate_domain_enumeration] (0x0400): CR #1: Domain addomain.com does not support enumeration, skipping...<--- AD Domain sssd_nss.log:(Fri Aug 24 17:11:58 2018) [sssd[nss]] [cache_req_validate_domain_enumeration] (0x0400): CR #1: Enumeration requested but not enabled sssd_nss.log:(Fri Aug 24 17:11:58 2018) [sssd[nss]] [cache_req_validate_domain_enumeration] (0x0400): CR #1: Domain ipadomain.com supports enumeration
Environment
- Red Hat Enterprise Linux 7
- IPA - AD Trust Environment
- sssd
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.