On (06/02/17 20:25), Jakub Hrozek wrote:
On Sun, Feb 05, 2017 at 03:17:28AM -0000, michael(a)hurts.ca wrote:
> Hi,
>
> I'm in an environment with several AD sites, each with a DC. When remote
> sites' DCs are unreachable because of a VPN outage, I'm not able to complete
> password authentication with sudo.
>
> Does sssd_krb5_locator_plugin.so work with sssd-ad?
Yes, it should.
> Do I need to put anything in krb5.conf to activate it?
No, should be automatic. Does the file the locator plugin writes
(/var/lib/sss/pubconf/kdcinfo.$REALM) contain an address from the right
DC?
There is an implicit assumption that the directory /var/lib/sss/pubconf/
is included in krb5.conf. Otherwise it would not work.
IIRC new version of realmd does it. But it was not mentioned how sssd
was enrolled and which distro is used.
LS