You have to be careful if, like me, you use SSSD and NFS4+krb; NFS doesn't agree to a connection with sec=krb5 if the hostname doesn't match the hostname in the keytab file.
Best, Longina
-----Original Message-----
From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Jakub Hrozek
Sent: 22. november 2014 14:48
To: sssd-users@lists.fedorahosted.org
Subject: Re: [SSSD-users] SSSD-AD: SamAccountName 20 character limit - What does SSSD do with longer host names?
On Thu, Nov 20, 2014 at 05:24:24PM +0000, John Hodrien wrote:
On Thu, 20 Nov 2014, Joschi Brauchle wrote:
Yes, you are right, that is a solution.
The reason I am asking is because we will be setting up tons of linux hosts with a common SSSD config and thus would like to eliminate special configs for individual hosts.
Thus, instead of telling SSSD what to do (which would be a special config for the affected host), we would like to know what SSSD will do and adapt the creation of machine accounts to SSSD. This way, we hope to solve the "long-hostname-problem" on the server side rather than the client side.
I wasn't even meaning it would be a special config. You make a machine with a long name, and you see what gets created in the keytab. Either SSSD works with it, or it doesn't. If it doesn't, it needs fixing in SSSD.
I think this is a good point. SSSD should just work.
I did a bit more research and it seems that both Windows clients and realmd truncate the name. Then I think it would be a good idea to let SSSD also search for:
SHORTNAME_UP_TO_15_CHARS$@REALM
instead of:
ANYTHING_UP_TO_THE_FIRST_DOT$@REALM
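
The two principal forms named in the thread can be compared against a keytab listing before a host is enrolled. The sketch below is an added example, not code from the thread or from SSSD: the function names are hypothetical, the hostname, realm and `klist -k` style listing are constructed sample values, and the uppercasing follows the notation of the placeholders above.

```shell
#!/bin/sh
# Added example: compare the two machine-principal candidates discussed above.
# Hostname, realm and keytab listing are constructed sample values.

# ANYTHING_UP_TO_THE_FIRST_DOT$@REALM
first_label_principal() {
    short=$(printf '%s' "${1%%.*}" | tr '[:lower:]' '[:upper:]')
    printf '%s$@%s\n' "$short" "$2"
}

# SHORTNAME_UP_TO_15_CHARS$@REALM
truncated_principal() {
    short=$(printf '%s' "${1%%.*}" | tr '[:lower:]' '[:upper:]' | cut -c1-15)
    printf '%s$@%s\n' "$short" "$2"
}

# Succeeds only if the principal is an exact match for the second field
# of a line in `klist -k` style output (no substring matches).
keytab_has_principal() {
    printf '%s\n' "$1" | awk -v p="$2" '$2 == p { found = 1 } END { exit !found }'
}

# Constructed listing: the machine account was created with a truncated name.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------
   2 host/longhostname-lab-0001.example.com@EXAMPLE.COM
   2 LONGHOSTNAME-LA$@EXAMPLE.COM'

# Report which candidate is present in the listing for a given FQDN and realm.
check_host() {
    for cand in "$(first_label_principal "$1" "$2")" "$(truncated_principal "$1" "$2")"; do
        if keytab_has_principal "$SAMPLE_KLIST" "$cand"; then
            printf 'found    %s\n' "$cand"
        else
            printf 'missing  %s\n' "$cand"
        fi
    done
}

check_host longhostname-lab-0001.example.com EXAMPLE.COM
```

On a real host, the output of `klist -k` can be passed to `keytab_has_principal` in place of the sample listing.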