We just had to restart sssd on a large number of machines because we had a
period of DNS failure. We’re using IPA as the backend. Faiures occurred on
Centos 7 and 8 and Ubuntu 18.
I don’t necessarily expect everything to work when DNS is dead, but I did
expect it t recover.
For the moment we’r
On Mon, Apr 20, 2020 at 08:39:33PM -, Michael Dahlberg wrote:
> I'm attempting to setup SSSD using AD as the id provider. All the
> documentation that I've found results in the linux system joining the
> AD domain when configuring sssd in this manner. I would like to
> configure sssd running
On Mon, Apr 20, 2020 at 10:17:31AM -0400, James Cassell wrote:
>
> On Mon, Apr 20, 2020, at 10:09 AM, Andreas Hasenack wrote:
> > Hi,
> >
> > I'm wondering why krb5_validate defaults to false in sssd-krb5, and
> > apparently it's the same default in the mit kerberos libraries (via
> > verify_ap_r
You have to join AD in order to perform authorization tasks, bcs otherwise sssd
has no way how to communicate with AD.
If you only want to use AD to authenticate local users, then no join is indeed
necessary, but then there is no need for sssd, just need to configure Kerberos.
-Original Mess
