On Fri, Aug 12, 2016 at 04:51:41PM -0700, Guy Knights wrote:
Can anyone confirm for me if SSSD supports authentication of users
belonging to a trusted domain via an AD controller in the trusting domain?
ie. A user attempts to log in as fred(a)test1.example.com on a client machine
running SSSD, where SSSD has joined a domain test2.example.com
and there is
a 2-way forest trust between both domains. Is this supported? I've been
trying to do so and so far it hasn't been working.
As long as the two domains are in the same forest, then yes, you just
need to use the fully qualified name.
For the record, my setup is:
AD controller domain test1: Windows server 2012 R2
AD controller domain test2: Windows server 2012 R2
Ubuntu 14.04 client running SSSD 1.12.5
But I would recommend to use something newer on the client side (1.13+)