Hi,
We have an application that requires Active Directory. In order to
provide SSO, the application gets a user certificate from AD and, as I
understand, uses it towards a RHEL machine as a smart card. I installed
AD's ca certificates on the RHEL client and it works when sssd.conf is
all configured towards AD.
I've joined the client to AD, as I said, but I do want my `id_provider`
in `sssd.conf` to be `ldap` so that it gets my group info from FreeIPA.
But when I do this, the authentication doesn't work.
Is there a way to either force pam/sssd to check the certificates
against AD while still getting groups and names from ldap, or to get
FreeIPA to approve the certificates?
I know this might be a very corner case, but if we make it works, this
would be beautiful.
Best,
Francis
--
Francis Augusto Medeiros-Logeay
Oslo, Norway
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue