Hello List,

I've built sssd-1.11.90 from git source for a CentOS 6.4 server. I want to
set up a connection with SSSD to 2 Active Directory domains (both Windows
2003 functional level), parent and child, so they have a parent-child
transitive trust:

ad.example.com
 \_child.ad.example.com

I've joined the server to the parent domain using the ad provider, which
(from 1.10 on) supports AD trusts.
I'm expecting to be able to log in (via ssh) to the server both using
"testu...@ad.example.com" (which works), and using
"testu...@child.ad.example.com", which doesn't work. This is what I want to
fix.
If I join the server to the child domain I am able to log in with users from
the child domain (as expected), but not with users from the parent domain.
My guess is that trust isn't working.

Running "getent passwd" enumerates users only from the parent domain, but
nothing from the child domain.

These are the sssd.conf contents:

[sssd]
services = nss, pam
config_file_version = 2
domains = ad.example.com

[domain/ad.example.com]
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad
ad_server = dc1.ad.example.com
ad_backup_server = dc2.ad.example.com
filter_users = r...@ad.example.com
filter_groups = r...@ad.example.com
ldap_id_mapping = false
dyndns_update = true
dyndns_update_ptr = false
enumerate = true
subdomain_enumerate = all
cache_credentials = true

I'm not using ID Mapping, I'm using posix attributes from AD, but even
enabling ID mapping the result doesn't change.

Am I doing something the wrong way?
Is it possible the problem is that the domains are not Windows 2008 R2
(according to the documentation, the only supported configuration for the
AD provider)?

Thanks,
Alfredo
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
