Hi everybody,
First, thanks for this great tool!
With a very simple setup, it allows me to use dozens of *Ubuntu 14.04
(sssd version 1.11.5-1ubuntu3) computers in the AD environment of my
school, where I have two 2003 servers.
I tried to help a colleague do the same in another school (where there
is a mix of 2003 and 2008 servers), but I failed: the problem seems to
come from Kerberos, because I found messages of this type in the sssd
logs: "... has no support for encryption type". The enrollment of the
computer in the realm was OK, but user logins sometimes fail.
In some blog I can't find anymore, it was written that old encryption
types (DES) were not supported anymore on 2008 servers, so I tried to force
some Kerberos options ("krb5_use_kdcinfo = false" in sssd.conf and
"allow_weak_crypto = 1" in /etc/krb5.conf).
The sssd logs suggest that /etc/krb5.conf is looked at, but the result is
the same.
The only thing "working" was to prevent the computer from talking to the
2003 server with iptables, but this is a horrible and annoying hack.
So my questions are:
- Has anyone already managed to use sssd in this type of environment?
- Would you have any idea where to look for better debugging?
Thanks very much,
Yvan Masson