I did some testing of sssd-13.2 version in Ubuntu-16.04 (ldap_idmapping = false)
Login with fqdn in cross realm and Kerberos NFS automount seems to work almost
This is great.
I have still some questions:
In my setup, I have configured only for one domain - the domain where I join machine.
SRV discovery can figure out all domains and figure out AD structure;
Is it still necessary to make an explicit list of all domains in the 'domains'
domains = a.c.realm, n.c.realm, s.c.realm, c.realm ...
I tried login with setup for UPN/sAMAccountName login, without success.
Is login with cross realm's UPN or short sAMAccountName supported in this sssd
In the database for the default domain cache_a.c.realm.db the user object has the following names (for
'use_fully_qualified_names = true' setup):
dn: name = user1(a)n.c.realm ...
The option:
krb5_confd_path = /var/lib/sss/pubconf/krb5.conf.d
does not create that directory (I understand from the doc that sssd should take care
However, after manually creating this directory I can see many failures in the log:
[sssd[be[a.c.realm]]] [sss_write_domain_mappings] (0x0200): Mapping file for domain
[a.c.realm] is [/var/lib/sss/pubconf/krb5.include.d/domain_realm_a_c_realm]
[sssd[be[a.c.realm]]] [sss_write_domain_mappings] (0x0040): creating the temp file
[/var/lib/sss/pubconf/krb5.include.d/domain_realm_a_c_realmU4PYcJ] for domain-realm
[sssd[be[a.c.realm]]] [sss_write_domain_mappings] (0x0080): Could not remove file
[/var/lib/sss/pubconf/krb5.include.d/domain_realm_a_c_realmU4P<B0>]: : No such
file or directory
drwxr-xr-x 2 root root 4096 Dec 16 16:08 /var/lib/sss/pubconf/krb5.conf.d/
Default value for option 'krb5_canonicalize' is FALSE;
I set 'canonicalize' to 'true' in krb5.conf - is it enough? I understand
from the docs that the localauth plugin needs it.
Can I somehow (I am not thinking of a log with a high debug level) see all configured and
default options for SSSD?