I think, it is worth to mention the 'msktutil' for joining AD; it is specially
useful for installing a batch of computers,
Is well documented with a lot of options. It lets to join domain independent
from samba, with full control on creating keytab, encryption type, required
UPN/SPN names etc . In Ubuntu, package downloadable from mainstream
repositories.
I found this program more accurate to work with than the realmd - ok - in
unstable 14.04 .
Using ad provider in multi domain environment and Global Catalog search:
-do I still need the section for each subdomain in sssd.conf? Can I configure
sssd only for main domain C.EXAMPLE.COM,
if all subdomains {A,B,D}.C.EXAMPLE.COM don't differ?
Longina
-----Original Message-----
From: sssd-users-boun...@lists.fedorahosted.org
[mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Ondrej Valousek
Sent: 14. april 2014 11:00
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] [SSSD] New AD provider howto
One minor thing (not sure if worth mentioning): When installing IDMU on windows
server, it is quite useful to stop& disable the "server for NIS" service - it
is not needed for the sssd functionality (not mentioning the security issues
related to using NIS).
Ondrej
________________________________________
From: sssd-users-boun...@lists.fedorahosted.org
[sssd-users-boun...@lists.fedorahosted.org] on behalf of Simo Sorce
[s...@redhat.com]
Sent: Friday, April 11, 2014 6:09 PM
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] [SSSD] New AD provider howto
On Fri, 2014-04-11 at 11:14 -0400, Stephen Gallagher wrote:
>
> Well, the major technical reason is that it would be a
> backwards-incompatible change. Updating the SSSD and changing that
> behavior could very easily mean suddenly locking a whole lot of people
> out of their system. There's really no easy way to change this unless
> we want to force an upgrade to set it explicitly to 'access_provider =
> permit', but that would still break if something like puppet overwrote
> it again.
>
Although there are risks, I think we should do it in the next major release.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
