On Mon, Sep 16, 2013 at 01:17:22PM +0000, a t wrote:
> Hi,
> 
> I am testing to find a standard config for Linux authentication against Active 
> Directory and I am testing with CentOS 6. I have decided on a 
> SSSD/Kerberos/LDAP configuration as described in Red Hat's "Integrating Red Hat 
> Enterprise Linux 6 with Active Directory" section 6.3.
> http://www.redhat.com/rhecm/rest-rhecm/jcr/repository/collaboration/jcr:system/jcr:versionStorage/ae40084d0a052601783f1ea42715cdef/26/jcr:frozenNode/rh:resourceFile
> 
> It works very well but for the one domain in our forest i.e. b.domain.org. 
> However, users of other domains in the forest cannot be authenticated. This 
> is understandable as I have pointed all the config files at the child domain's 
> DCs, i.e. dc1.b.domain.org rather than dc1.domain.org. I have been searching 
> for example configurations which will authenticate any user in the forest 
> even though the Linux installation is joined to a different child domain but 
> not found any. 
> 
> Scenario I would like to implement:
> 
> Linux installation hostname = lin1
> lin1 joined to domain b.domain.org
> users from b.domain.org can login to lin1.b.domain.org
> users from all child domains of domain.org can log into lin1.b.domain.org, 
> for example a.domain.org, c.domain.org or z.domain.org 
> 
> I have attached my current config files as a reference. They work for a 
> single domain rather than the whole forest. I suppose I am stuck whether to 
> add each AD child domain as separate domains in SSSD and REALMS in Kerberos 
> or if I can get it to see the whole forest.
> 
> 
> Thanks for any help / pointers,
> 
> 
> Matthew
> 
>                                         

Hi Matthew,

This feature is only supported starting with 1.10 upstream.

Even on RHEL-6 I would recommend trying out the AD provider, not the
AD/Kerberos provider combo.
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
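
The AD provider recommended in the reply, as an added example that is not part of the original thread or the poster's attached files: a minimal `sssd.conf` for the host from the question. It assumes lin1 is already joined to b.domain.org with a host keytab in /etc/krb5.keytab and that AD carries no POSIX attributes; per the reply, logins from the other domains in the forest additionally need SSSD 1.10 or later.

```ini
# /etc/sssd/sssd.conf (added example, hostnames taken from the question)
[sssd]
config_file_version = 2
services = nss, pam
domains = b.domain.org

[domain/b.domain.org]
# One AD provider for identity, authentication, password change and
# access control, instead of id_provider = ldap with auth_provider = krb5.
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad

# Domain the host is joined to, and the host's own FQDN.
ad_domain = b.domain.org
ad_hostname = lin1.b.domain.org

# Optional: pin a domain controller. Leave this unset to let SSSD
# locate DCs through DNS SRV records.
ad_server = dc1.b.domain.org

# Derive UIDs/GIDs from Windows SIDs (assumption: no POSIX attributes in AD).
ldap_id_mapping = True

# Require user@domain style names so accounts with the same short name
# in different domains cannot be confused with each other.
use_fully_qualified_names = True
fallback_homedir = /home/%d/%u
```

SSSD refuses to start unless this file is owned by root with mode 0600.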