I think, it is worth to mention the 'msktutil' for joining AD; it is specially useful for installing a batch of computers, Is well documented with a lot of options. It lets to join domain independent from samba, with full control on creating keytab, encryption type, required UPN/SPN names etc . In Ubuntu, package downloadable from mainstream repositories. I found this program more accurate to work with than the realmd - ok - in unstable 14.04 .
Using ad provider in multi domain environment and Global Catalog search: -do I still need the section for each subdomain in sssd.conf? Can I configure sssd only for main domain C.EXAMPLE.COM, if all subdomains {A,B,D}.C.EXAMPLE.COM don't differ? Longina -----Original Message----- From: sssd-users-boun...@lists.fedorahosted.org [mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Ondrej Valousek Sent: 14. april 2014 11:00 To: End-user discussions about the System Security Services Daemon Subject: Re: [SSSD-users] [SSSD] New AD provider howto One minor thing (not sure if worth mentioning): When installing IDMU on windows server, it is quite useful to stop& disable the "server for NIS" service - it is not needed for the sssd functionality (not mentioning the security issues related to using NIS). Ondrej ________________________________________ From: sssd-users-boun...@lists.fedorahosted.org [sssd-users-boun...@lists.fedorahosted.org] on behalf of Simo Sorce [s...@redhat.com] Sent: Friday, April 11, 2014 6:09 PM To: End-user discussions about the System Security Services Daemon Subject: Re: [SSSD-users] [SSSD] New AD provider howto On Fri, 2014-04-11 at 11:14 -0400, Stephen Gallagher wrote: > > Well, the major technical reason is that it would be a > backwards-incompatible change. Updating the SSSD and changing that > behavior could very easily mean suddenly locking a whole lot of people > out of their system. There's really no easy way to change this unless > we want to force an upgrade to set it explicitly to 'access_provider = > permit', but that would still break if something like puppet overwrote > it again. > Although there are risks, I think we should do it in the next major release. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users