I tried to follow the minimal setup from the new Howto:
In my multiple domain AD, SRV records are resolved for main domain and for subdomains from
my client
jedi.n.c.example.com,
dnsdomainname=n.c.example.com
I consider
N.C.EXAMPLE.COM as my default_realm because my computer's attributes are
defined in it.
(default_realm =
N.C.EXAMPLE.COM ## defined in /etc/krb5.conf)
================================================
root@jedi:~# realm discover
See: journalctl REALMD_OPERATION=r6913.3121
realm: No default realm discovered
==============================================
root@jedi:~# realm discover
C.EXAMPLE.COM
c.example.com
type: kerberos
realm-name:
C.EXAMPLE.COM
domain-name:
c.example.com
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
login-formats: %U
login-policy: allow-realm-logins
================================================
root@jedi:~# realm discover
N.C.EXAMPLE.COM
n.c.example.com
type: kerberos
realm-name:
N.C.EXAMPLE.COM
domain-name:
n.c.example.com
configured: no
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
How understand the "configured:" line in both output ?
What should be my default_realm?
Longina
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Longina Przybyszewska
Sent: 24. april 2014 14:47
To: 'End-user discussions about the System Security Services Daemon'
Subject: Re: [SSSD-users] [SSSD] New AD provider howto
Still, isn't it preferable to specify all domains in sssd.conf and use for each,
dns_discovery_domain to speed up lookups?
_
Using ad provider in multi domain environment and Global Catalog
search:
-do I still need the section for each subdomain in sssd.conf? Can I
configure sssd only for main domain
C.EXAMPLE.COM, if all subdomains
{A,B,D}.C.EXAMPLE.COM don't differ?
If the subdomans are all part of a single forest, then SSSD should be able to see all the
domains and all their users with 1.11.x.
Longina
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users