I tried to follow the minimal setup from the new Howto: In my multiple domain AD, SRV records are resolved for main domain and for subdomains from my client jedi.n.c.example.com, dnsdomainname=n.c.example.com
I consider N.C.EXAMPLE.COM as my default_realm because my computer's attributes are defined in it.
(default_realm = N.C.EXAMPLE.COM ## defined in /etc/krb5.conf) ================================================ root@jedi:~# realm discover See: journalctl REALMD_OPERATION=r6913.3121 realm: No default realm discovered
============================================== root@jedi:~# realm discover C.EXAMPLE.COM c.example.com type: kerberos realm-name: C.EXAMPLE.COM domain-name: c.example.com configured: kerberos-member server-software: active-directory client-software: sssd required-package: sssd-tools required-package: sssd required-package: libnss-sss required-package: libpam-sss required-package: adcli required-package: samba-common-bin login-formats: %U login-policy: allow-realm-logins ================================================ root@jedi:~# realm discover N.C.EXAMPLE.COM n.c.example.com type: kerberos realm-name: N.C.EXAMPLE.COM domain-name: n.c.example.com configured: no server-software: active-directory client-software: sssd required-package: sssd-tools required-package: sssd required-package: libnss-sss required-package: libpam-sss required-package: adcli required-package: samba-common-bin
How understand the "configured:" line in both output ? What should be my default_realm?
Longina
-----Original Message----- From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Longina Przybyszewska Sent: 24. april 2014 14:47 To: 'End-user discussions about the System Security Services Daemon' Subject: Re: [SSSD-users] [SSSD] New AD provider howto
Still, isn't it preferable to specify all domains in sssd.conf and use for each, dns_discovery_domain to speed up lookups?
_
Using ad provider in multi domain environment and Global Catalog search: -do I still need the section for each subdomain in sssd.conf? Can I configure sssd only for main domain C.EXAMPLE.COM, if all subdomains {A,B,D}.C.EXAMPLE.COM don't differ?
If the subdomans are all part of a single forest, then SSSD should be able to see all the domains and all their users with 1.11.x.
Longina
_______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users@lists.fedorahosted.org