On Tue, Feb 07, 2017 at 12:25:38PM +0100, Lukas Slebodnik wrote:
On (06/02/17 20:25), Jakub Hrozek wrote:
>On Sun, Feb 05, 2017 at 03:17:28AM -0000, michael(a)hurts.ca wrote:
>> Hi,
>>
>> I'm in an environment with several AD sites, each with a DC. When remote
sites' DCs are unreachable because of a VPN outage, I'm not able to complete
password authentication with sudo.
>>
>> Does sssd_krb5_locator_plugin.so work with sssd-ad?
>
>Yes, it should.
>
>> Do I need to put anything in krb5.conf to activate it?
>
>No, should be automatic. Does the file the locator plugin writes
>(/var/lib/sss/pubconf/kdcinfo.$REALM contain an address from the right
>DC?
There is an implicit assumption that the directory /var/lib/sss/pubconf/
is included in krb5.conf. Otherwise it would not work.
It is /var/lib/sss/pubconf/krb5.include.d/ which should be included in
/etc/krb5.conf.
But the locator plugin would work even without the path included in
krb5.conf.
HTH
bye,
Sumit
> IIRC new version of realmd does it. But it was not mention how sssd
> was enrolled and which distro is used.
>
> LS
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org