from the default
/etc/krb5.keytab becasue e.g. sshd depends on them.
>
> To me, this should not be necessary.
> Ondrej
>
>
> -----Original Message-
> From: Sumit Bose [mailto:sb...@redhat.com]
> Sent: Tuesday, August 07, 2018 1:13 PM
> To: sssd-users@lists.fedorahost
t 07, 2018 1:13 PM
To: sssd-users@lists.fedorahosted.org
Subject: [SSSD-users] Re: sssd connecting to two AD domains
On Mon, Aug 06, 2018 at 08:34:04AM +, Ondrej Valousek wrote:
> Also, yes, setting ldap_sasl_authid does help, but it's bit awkward as right
> now I am using general s
2018 9:40 AM
> To: End-user discussions about the System Security Services Daemon
>
> Subject: [SSSD-users] Re: sssd connecting to two AD domains
>
> Hi,
> No, these are different forests, but a two way trust is established between
> these two.
> Ondrej
>
> -Original Mes
[mailto:ondrej.valou...@s3group.com]
Sent: Monday, August 06, 2018 9:40 AM
To: End-user discussions about the System Security Services Daemon
Subject: [SSSD-users] Re: sssd connecting to two AD domains
Hi,
No, these are different forests, but a two way trust is established between
these two
-users] Re: sssd connecting to two AD domains
Are mydomain and mydomain2 coming from a different forest?
with id_provider=ad sssd should work fine with domains from the same forest and
it should pick the right principal. If it doesn’t and setting ldap_sasl_authid
to shortname$@realm
Are mydomain and mydomain2 coming from a different forest?
with id_provider=ad sssd should work fine with domains from the same forest and
it should pick the right principal. If it doesn’t and setting ldap_sasl_authid
to shortname$@realm, then there must be a bug in the principal selection
Ok, I see that it’s probably not supported:
https://pagure.io/SSSD/sssd/issue/2078
right?
Ondrej
From: Ondrej Valousek [mailto:ondrej.valou...@s3group.com]
Sent: Monday, July 30, 2018 10:45 AM
To: End-user discussions about the System Security Services Daemon
Subject: [SSSD-users] sssd