12.3 client connected to AD Hi I have sssd up and running against a Samba4 AD. It works fine. The only quirk is that getent passwd and getent group return only local users getent passwd lynn2 and getent group Domain\ Users work fine however getent passwd lynn2 lynn2:*:3000033:20513:lynn2:/home/users/lynn2:/bin/bash getent group 'Domain Users' Domain Users:*:20513: If I set enumerate = true in sssd.conf Then, getent passwd and getent group return as expected: both local and domain objects. But only the first time that the commnds are run. I believe that the enumerate line should allow me list all domain users too. Is it possible to get all the objects listed always with getent under sssd? /etc/nsswitch.conf passwd: compat sss group: compat sss /etc/sssd/sssd.conf [sssd] services = nss, pam config_file_version = 2 domains = default [nss] [pam] [domain/default] access_provider = simple #simple_allow_users = myuser enumerate = false cache_credentials = True id_provider = ldap auth_provider = krb5 chpass_provider = krb5 krb5_realm = HH3.SITE krb5_server = hh16.hh3.site krb5_kpasswd = hh16.hh3.site ldap_uri = ldap://hh16.hh3.site/ ldap_search_base = dc=hh3,dc=site ldap_tls_cacertdir = /usr/local/samba/private/tls ldap_id_use_start_tls = False ldap_default_bind_dn = cn=lynn2,cn=Users,dc=hh3,dc=site ldap_default_authtok = xx ldap_default_authtok_type = password ldap_user_object_class = person ldap_user_name = samAccountName ldap_user_uid_number = uidNumber ldap_user_gid_number = gidNumber ldap_user_home_directory = unixHomeDirectory ldap_user_shell = loginShell ldap_group_object_class = group #ldap_user_search_filter =(&(objectCategory=User)(uidNumber=*)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org