On Tue, Apr 25, 2017 at 12:37:50PM -0000, k...@unwire.dk wrote:
> Hi.
>
> I have the following scenario:
>
> - 'example.com' domain running on premises
> - 'aws.example.com' domain running on 'Amazon Microsoft AD' in VPC with VPN
>   connection to on premises.
> - One-way trust created from aws.example.com to example.com

I'm sorry, but sssd so far only supports domains in a single forest. You can
either join the client to each of the forests (and create multiple domain
sections in sssd.conf) or use freeipa as you said or use winbind.

>
> I'm currently able to log in to a Windows server joined to aws.example.com
> using example.com credentials.
> Now I want the same for our Linux servers running in Amazon VPC and have
> tried using this guide:
> http://docs.aws.amazon.com/directoryservice/latest/admin-guide/join_linux_instance.html
>
> I am able to log in using credentials from aws.example.com like this:
> ssh u...@aws.example.com (user is present in this domain)
> But I am not able to do it using
> ssh u...@example.com (user is present in this domain)
>
> I have searched a lot on this topic and saw freeipa mentioned a few times,
> but I would rather avoid having to use extra software if necessary.

Yes, freeipa can help here in the sense that you would establish a trust to
each of these forests.