On Tue, Apr 25, 2017 at 12:37:50PM -0000, kn(a)unwire.dk wrote:
> I have the following scenario:
> - 'example.com' domain running on premises
> - 'aws.example.com' domain running on 'Amazon Microsoft AD' in VPC with
>   VPN connection to on premises.
> - One-way trust created from aws.example.com

I'm sorry, but sssd so far only supports domains in a single forest. You
can either join the client to each of the forests (and create multiple
domain sections in sssd.conf) or use freeipa as you said or use winbind.

> I'm currently able to log in to a Windows server joined to aws.example.com
> Now I want the same for our Linux servers running in Amazon VPC and have tried using this
> I am able to log in using credentials from aws.example.com
> like this:
> ssh user@aws.example.com (user is present in this domain)
> But I am not able to do it using
> ssh user@example.com (user is present in this domain)
> I have searched a lot on this topic and saw freeipa mentioned a few times, but I would
> rather avoid having to use extra software if necessary.

Yes, freeipa can help here in the sense that you would establish a trust
to each of these forests.
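
A sketch of the "multiple domain sections in sssd.conf" option from the reply above, for a client joined to both forests. This is an added example, not configuration from the thread or from the sssd project; the keytab paths and home directory layout are assumptions, and the domain names are the ones used in the question.

```ini
[sssd]
config_file_version = 2
services = nss, pam
# One entry per forest the client has been joined to.
domains = aws.example.com, example.com

[domain/aws.example.com]
id_provider = ad
access_provider = ad
ad_domain = aws.example.com
krb5_realm = AWS.EXAMPLE.COM
# Assumed path: each join has its own machine account, so keep a
# separate keytab per forest instead of sharing /etc/krb5.keytab.
krb5_keytab = /etc/krb5.keytab.aws
ldap_krb5_keytab = /etc/krb5.keytab.aws
# Require user@domain logins so that a "user" in one forest can
# never be resolved as the same-named account in the other.
use_fully_qualified_names = True
fallback_homedir = /home/%d/%u

[domain/example.com]
id_provider = ad
access_provider = ad
ad_domain = example.com
krb5_realm = EXAMPLE.COM
# Assumed path, see the note in the first domain section.
krb5_keytab = /etc/krb5.keytab.onprem
ldap_krb5_keytab = /etc/krb5.keytab.onprem
use_fully_qualified_names = True
fallback_homedir = /home/%d/%u
```

With both sections in place the client needs DNS and network reachability to the domain controllers of each forest, which for the on-premises domain means through the VPN.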