Setting use_fully_qualified_names in sssd.conf returns [Invalid SSSD configuration detected]

Solution Verified - Updated -

Issue

Setting use_fully_qualified_names = False in sssd.conf returns [Invalid SSSD configuration detected]

  • use_fully_qualified_names = False option has just been added to sssd.conf

    [domain/idm.example.com]

id_provider = ipa
ipa_server_mode = True
ipa_server = server.idm.example.com
ipa_domain = idm.example.com
ipa_hostname = server.idm.example.com
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
krb5_store_password_if_offline = True
use_fully_qualified_names = False     <<<<<=====

[sssd]
services = nss, pam, ifp, ssh, sudo
default_domain_suffix = example.com
domain_resolution_order = example.com, idm.example.com
domains = idm.example.com

  • Below SSSD log is recorded in /var/log/messages:

    systemd[1]: Starting System Security Services Daemon...
sssd[21981]: Error (1432158262 [Invalid SSSD configuration detected]) retrieving domain [idm.example.com], skipping!
sssd[21981]: Starting up
sssd[21981]: Error (1432158262 [Invalid SSSD configuration detected]) retrieving domain [idm.example.com], skipping!
sssd_be[21982]: Starting up
sssd_be[21982]: Error (1432158262 [Invalid SSSD configuration detected]) retrieving domain [idm.example.com], skipping!
sssd_nss[21983]: Starting up
sssd_nss[21983]: Error (1432158262 [Invalid SSSD configuration detected]) retrieving domain [idm.example.com], skipping!
sssd_ifp[21985]: Starting up
sssd_ifp[21985]: Error (1432158262 [Invalid SSSD configuration detected]) retrieving domain [idm.example.com], skipping!
sssd_sudo[21987]: Starting up
sssd_sudo[21987]: Error (1432158262 [Invalid SSSD configuration detected]) retrieving domain [idm.example.com], skipping!
sssd_ssh[21986]: Starting up
sssd_ssh[21986]: Error (1432158262 [Invalid SSSD configuration detected]) retrieving domain [idm.example.com], skipping!
sssd_pac[21988]: Starting up
sssd_pac[21988]: Error (1432158262 [Invalid SSSD configuration detected]) retrieving domain [idm.example.com], skipping!
sssd_pam[21984]: Starting up
sssd_pam[21984]: Error (1432158262 [Invalid SSSD configuration detected]) retrieving domain [idm.example.com], skipping!

  • AD trust between IdM and AD domain has been established.

  • default_domain_suffix and domain_resolution_order options are present in sssd.conf to allow AD user authentication without specifying domain portion of username:

    default_domain_suffix = example.com
domain_resolution_order = example.com, idm.example.com

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
    • SSSD
  • Red Hat Identity Management (IdM) / FreeIPA
    • ipa-server
    • ipa-client
  • Active Directory (AD)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content