On Tue, Oct 06, 2015 at 05:43:45PM +0200, Jordi Claret wrote:
> Hi All!
> I explain my problem...
> We have 2 Windows Active Directory domains in different forests, and I
> need to authenticate with password and passwordless against first one
> (DOMAIN1), and only with password against second one (DOMAIN2). I know that
> SSSD currently does not support AD-AD cross-forest and I already have
> created two separate entries in sssd.conf for both domains, but it seems
> you need to join both domains and I need a computer object created in 2
> ADs. Is it possible to authenticate by SSH with password against second
> domain without AD computer object created in the second domain and
> id_provider=ad ?

id_provider=ad requires a keytab to be present. The principal can be
overridden in the config file I guess, but a keytab is required.

btw are there any AD provider features that you absolutely need (like
GPOs)? If not, would using id_provider=ldap with ldap_schema=ad be
enough?

> Versions => rhel6 and sssd 1.12.4-47
> Thanks!
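
A sketch of the layout the reply suggests, added here as an example and not taken from the thread: DOMAIN1 stays on the AD provider (joined, with a keytab), while DOMAIN2 uses the LDAP provider with the AD schema and needs no computer object. All host names, realms, DNs, the bind account and the CA path are placeholders.

```ini
# /etc/sssd/sssd.conf (must be owned by root, mode 0600)
[sssd]
config_file_version = 2
services = nss, pam
domains = domain1.example, domain2.example

# DOMAIN1: host is joined, so the AD provider can use the machine keytab.
# Password and Kerberos (passwordless) SSH logins are both possible here.
[domain/domain1.example]
id_provider = ad
auth_provider = ad
access_provider = ad
ad_domain = domain1.example
krb5_realm = DOMAIN1.EXAMPLE
use_fully_qualified_names = true

# DOMAIN2: no join and no keytab. Identities are read over LDAP with the
# AD attribute mapping; passwords are checked with an LDAP bind.
[domain/domain2.example]
id_provider = ldap
auth_provider = ldap
ldap_schema = ad
ldap_uri = ldaps://dc1.domain2.example
ldap_search_base = dc=domain2,dc=example
ldap_referrals = false
use_fully_qualified_names = true

# Derive UIDs/GIDs from SIDs when the directory has no POSIX attributes.
ldap_id_mapping = true

# AD normally rejects anonymous searches, so a low-privilege bind account
# is needed. Its password sits in this file, hence the 0600 requirement.
ldap_default_bind_dn = cn=sssd-bind,cn=Users,dc=domain2,dc=example
ldap_default_authtok_type = password
ldap_default_authtok = REPLACE_WITH_BIND_PASSWORD

# User passwords travel inside the bind, so require TLS and verify the
# domain controller certificate against the DOMAIN2 CA.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/domain2-ca.pem
```

With this layout DOMAIN2 users can log in by password only; Kerberos single sign-on and AD-provider features such as GPO-based access control are not available for that domain.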