I have somewhat of a unique situation which causes the userPrincipalName value in Active Directory to use a public DNS domain as its realm, but the Active Directory was designed with a private DNS domain.
For example, user John Smith would typically be jsmith@example.local but his userPrincipalName is jsm...@example.com. Unfortunately when trying to authenticate with pam_sss, the "krb5" child process will complain that the KDC is not local to the realm. The KDC might be something like kdc.example.local, and in this instance the realm is EXAMPLE.COM. Same situation if I try to `kinit jsm...@example.com`, the error about the KDC not being local to Realm occurs. Is there some other way that sssd could construct the userPrincipalName instead of me trying to create and populate a custom AD attribute?

-- Mike
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users