[SSSD-users] Re: Clarifiication: Short name input format with SSSD

Sorry, I have made a mistake - the conf I was talking about domains = is necessary. I was thinking of default_domain_suffix (string) which I currently don't have set. Would I need to set it? cheers L. -- "The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic civics is the

[SSSD-users] Clarifiication: Short name input format with SSSD

With relation to SSSD 1.15.3's [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when SSSD acts as an IPA client for server with IPA-AD trusts https://pagure.io/SSSD/sssd/issue/3001 I read this to mean that in my unix.domain.com domain

[SSSD-users] Re: Unable to login to my kerberos realm

On Wed, Aug 2, 2017 at 11:42 AM, Jakub Hrozek wrote: > On Wed, Aug 02, 2017 at 11:07:08AM -0400, Louis Garcia wrote: > > On Wed, Aug 2, 2017 at 8:54 AM, Jakub Hrozek wrote: > > > > > On Wed, Aug 02, 2017 at 02:43:35PM +0200, Jakub Hrozek wrote: > > > > On

[SSSD-users] gpupdate?

Is there a facility in SSSD to perform a group policy update and application without requiring a login? Like the windows gpupdate.exe command line tool? An example scenario I'm thinking about is a change in an Access Control GPO. The administrator of the system, as root, either invalidates

[SSSD-users] Re: AD parent child issues

On (02/08/17 18:01), Tristan Bouillon wrote: >OK, tried to be clear but looks like I'm not :) >No big deal let's try again > >Use case >I'm connected to a linux jumpbox (let's say jb.example.com) which is >in domain example.com. >I do: "$ kinit tbouillon" and get a working ticket. I can connect

[SSSD-users] Re: AD parent child issues

OK, tried to be clear but looks like I'm not :) No big deal let's try again Use case I'm connected to a linux jumpbox (let's say jb.example.com) which is in domain example.com. I do: "$ kinit tbouillon" and get a working ticket. I can connect with user tbouillon via ssh to all servers in

[SSSD-users] Re: Unable to login to my kerberos realm

On Wed, Aug 02, 2017 at 11:07:08AM -0400, Louis Garcia wrote: > On Wed, Aug 2, 2017 at 8:54 AM, Jakub Hrozek wrote: > > > On Wed, Aug 02, 2017 at 02:43:35PM +0200, Jakub Hrozek wrote: > > > On Wed, Aug 02, 2017 at 09:46:43AM +0200, Lukas Slebodnik wrote: > > > > On (02/08/17

[SSSD-users] Re: Unable to login to my kerberos realm

On Wed, Aug 2, 2017 at 8:54 AM, Jakub Hrozek wrote: > On Wed, Aug 02, 2017 at 02:43:35PM +0200, Jakub Hrozek wrote: > > On Wed, Aug 02, 2017 at 09:46:43AM +0200, Lukas Slebodnik wrote: > > > On (02/08/17 09:43), Jakub Hrozek wrote: > > > >On Tue, Aug 01, 2017 at 04:46:32PM

[SSSD-users] Re: AD parent child issues

Hi Tristan, I understand your topology from what you wrote, but I still do not know what is your problem. See question inline. On 08/02/2017 03:48 PM, Tristan Bouillon wrote: Hi Michal Thanks for answering For the missing part : OS : Centos 7.3 with latest updates SSSD: 1.14.0 release 43 So,

[SSSD-users] Re: AD parent child issues

Hi Michal Thanks for answering For the missing part : OS : Centos 7.3 with latest updates SSSD: 1.14.0 release 43 So, I removed all traces of server1 (which is indeed a linux host) from AD and tried to re join with the realm command. Good points: The sssd.conf provided by the realm command was

[SSSD-users] Re: Unable to login to my kerberos realm

On Wed, Aug 02, 2017 at 02:43:35PM +0200, Jakub Hrozek wrote: > On Wed, Aug 02, 2017 at 09:46:43AM +0200, Lukas Slebodnik wrote: > > On (02/08/17 09:43), Jakub Hrozek wrote: > > >On Tue, Aug 01, 2017 at 04:46:32PM -0400, Louis Garcia wrote: > > >> In fedora 26 where should sssd.conf live?

[SSSD-users] Re: Unable to login to my kerberos realm

On Wed, Aug 02, 2017 at 09:46:43AM +0200, Lukas Slebodnik wrote: > On (02/08/17 09:43), Jakub Hrozek wrote: > >On Tue, Aug 01, 2017 at 04:46:32PM -0400, Louis Garcia wrote: > >> In fedora 26 where should sssd.conf live? /etc/sssd/ or /etc/sssd/conf.d/ > >> ?? > > > >Ah, in fedora-26, this setup

[SSSD-users] Re: AD parent child issues

Hi, You did not mention what SSSD version and what OS you are using. I have few questions, see inline. On 08/02/2017 10:59 AM, Tristan Bouillon wrote: Hi I have this case I'm working on and it's driving me crazy. I try to setup something like this: AD setup is like this with be-directional

[SSSD-users] AD parent child issues

Hi I have this case I'm working on and it's driving me crazy. I try to setup something like this: AD setup is like this with be-directional approbation: - example.com \-- chlld.example.com Have users registered in example.com => us...@example.com computers are registered in child.eample.com =>

[SSSD-users] Re: Unable to login to my kerberos realm

On (02/08/17 09:43), Jakub Hrozek wrote: >On Tue, Aug 01, 2017 at 04:46:32PM -0400, Louis Garcia wrote: >> In fedora 26 where should sssd.conf live? /etc/sssd/ or /etc/sssd/conf.d/ >> ?? > >Ah, in fedora-26, this setup might be a bit more problematic because >sssd by default serves files

[SSSD-users] Re: Unable to login to my kerberos realm

On Tue, Aug 01, 2017 at 04:46:32PM -0400, Louis Garcia wrote: > In fedora 26 where should sssd.conf live? /etc/sssd/ or /etc/sssd/conf.d/ > ?? Ah, in fedora-26, this setup might be a bit more problematic because sssd by default serves files already. Can you try something like this please