On Tue, Aug 13, 2013 at 12:28:03PM -0500, Ben H wrote:
What level of support is there for supporting multiple active
directory
domains that have trust relationships established with each other (either
one/two/external/forest).
If I have an environment with DomA <> DomB, it would currently appear that
I would need to create two separate SSSD domains in my .conf file, one for
each domain as well as create a computer account in each domain and
associated keytab entries on the local host. In effect, the machine would
be "joined" to two domains at once.
Would this work? Is there another way where one can be joined only to a
single domain and still authenticated trusted users?
The only documentation I can find regarding AD and trusts involves IPA
trusted domains.
Thank you.
With sssd-1.10 we started with the first step of trust support in the AD
provider. Currently sssd can handle domains in a single forest. i.e. if
the domain you joined sssd to is part of a forest users from other
domains in this forest are available as well.
The next stop would be to support cross-forest trusts.
HTH
bye,
Sumit
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users