On Mon, Jul 01, 2013 at 09:32:45AM +0200, Jakub Hrozek wrote:
> On Fri, 2013-06-28 at 10:39 -0400, Dmitri Pal wrote:
> > >> Also in 1.10 SSSD should support transitive trusts so if there is a
> > >> trust between the domains SSSD 1.10 should be able to authenticate users
> > >> from both domains.
>
On Fri, 2013-06-28 at 10:39 -0400, Dmitri Pal wrote:
> >> Also in 1.10 SSSD should support transitive trusts so if there is a
> >> trust between the domains SSSD 1.10 should be able to authenticate users
> >> from both domains.
> > You can use the TGT to access both trusted domains in a trust, but
>> Also in 1.10 SSSD should support transitive trusts so if there is a
>> trust between the domains SSSD 1.10 should be able to authenticate users
>> from both domains.
> You can use the TGT to access both trusted domains in a trust, but the
> TGT must be obtained from the KDC you are enrolled wit
On Fri, Jun 28, 2013 at 09:49:12AM -0400, Dmitri Pal wrote:
> On 06/28/2013 03:53 AM, Jakub Hrozek wrote:
> > On Fri, Jun 28, 2013 at 01:12:37AM +0200, Mathieu Bouillaguet wrote:
> >> I have two more questions for my own knowledge and maybe those of others :
> >>
> >> * 1st question :
> >> If 2 use
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/28/2013 09:49 AM, Dmitri Pal wrote:
> If you define two domains can you have two different keytabs in
> SSSD?
Yes, of course you can. You can use krb5_keytab to set the location.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.13 (GNU/Linux)
On 06/28/2013 03:53 AM, Jakub Hrozek wrote:
> On Fri, Jun 28, 2013 at 01:12:37AM +0200, Mathieu Bouillaguet wrote:
>> I have two more questions for my own knowledge and maybe those of others :
>>
>> * 1st question :
>> If 2 users, a local user called "aminata" and a domain user
>> "aminata@domain"
On Fri, Jun 28, 2013 at 01:12:37AM +0200, Mathieu Bouillaguet wrote:
> I have two more questions for my own knowledge and maybe those of others :
>
> * 1st question :
> If 2 users, a local user called "aminata" and a domain user
> "aminata@domain" exist, how does sssd choose who we are when we ssh
I have two more questions for my own knowledge and maybe those of others :
* 1st question :
If 2 users, a local user called "aminata" and a domain user
"aminata@domain" exist, how does sssd choose who we are when we ssh in
the system with a username of "aminata" and the re_expressions is set to:
On Wed, Jun 26, 2013 at 08:23:40PM +0200, Mathieu Bouillaguet wrote:
> I solved my problem thanks to your reply :-)
>
> For the others, my access provider is ldap and I didn't configured the
> ldap_access_filter. If ldap_access_filter isn't configured and filter is in
> the ldap_access_order (whic
I solved my problem thanks to your reply :-)
For the others, my access provider is ldap and I didn't configured the
ldap_access_filter. If ldap_access_filter isn't configured and filter is in
the ldap_access_order (which is the default when it's not specified) all
users are denied access.
After h
On Wed, Jun 26, 2013 at 06:10:55PM +0200, Mathieu Bouillaguet wrote:
> Hello,
>
> We are trying to setup Kerberos authentication for our linux VMs on an
> Active Directory.
>
> We use Red Hat 6.2, the sssd version is 1.5.1.-66.el6.
>
> getent retrieve the domain users and groups.
>
> If I try t
Hello,
We are trying to setup Kerberos authentication for our linux VMs on an
Active Directory.
We use Red Hat 6.2, the sssd version is 1.5.1.-66.el6.
getent retrieve the domain users and groups.
If I try to ssh into the VM I am disconnected with "pam_sss(sshd:account)
access denied for user".
12 matches
Mail list logo