I have the following configuration:

[sssd]
config_file_version = 2
domains = domain.com
services = nss, pam

[nss]

[pam]

[domain/domain.com]
cache_credentials = true
id_provider = ad
auth_provider = ad
access_provider = simple
default_shell = /bin/zsh
fallback_homedir = /home/%d/%u
use_fully_qualified_names = true
ldap_id_mapping = true
ldap_schema = ad
ldap_idmap_range_min = 100000
ldap_idmap_range_max = 2000100000
ldap_idmap_range_size = 200000000
ldap_idmap_default_domain = DOMAIN.COM
ignore_group_members = true

Ticket cache: FILE:/tmp/krb5cc_400389252_3sT5UifBXn
Default principal: [email protected]

Valid starting       Expires              Service principal
07/20/2016 12:18:01  07/20/2016 21:14:13  krbtgt/[email protected]
        renew until 07/27/2016 11:14:13

I got Kerberos working and login through gssapi to ssh:

Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/[email protected]
   2 host/[email protected]
   2 host/[email protected]
   2 host/[email protected]
   2 host/[email protected]
   2 host/[email protected]
   2 host/[email protected]
   2 host/[email protected]
   2 host/[email protected]
   2 host/[email protected]
   2 [email protected]
   2 [email protected]
   2 [email protected]
   2 [email protected]
   2 [email protected]

However, I cannot get OpenAFS to work. I suspect it is that I don't have the afs/[email protected] principal. How should I add a service to the keytab (I don't have admin rights on the KDC) with SSSD + AD?

Maciej
