Hi,
I am trying to find a standard config for Linux authentication against Active Directory and
I am testing with CentOS 6. I have decided on a SSSD/Kerberos/LDAP configuration as
described in Red Hat's "Integrating Red Hat Enterprise Linux 6 with Active
Directory" section 6.3.
http://www.redhat.com/rhecm/rest-rhecm/jcr/repository/collaboration/jcr:s...
It works very well but for the one domain in our forest, i.e. b.domain.org. However, users
of other domains in the forest cannot be authenticated. This is understandable as I have
pointed all the config files at the child domain's DCs, i.e. dc1.b.domain.org rather
than dc1.domain.org. I have been searching for example configurations which will
authenticate any user in the forest even though the Linux installation is joined to a
different child domain, but have not found any.
Scenario I would like to implement:
- Linux installation hostname = lin1
- lin1 joined to domain b.domain.org
- users from b.domain.org can log in to lin1.b.domain.org
- users from all child domains of domain.org can log into lin1.b.domain.org, for example
  a.domain.org, c.domain.org or z.domain.org
I have attached my current config files as a reference. They work for a single domain
rather than the whole forest. I suppose I am stuck on whether to add each AD child domain as
separate domains in SSSD and realms in Kerberos or if I can get it to see the whole
forest.
Thanks for any help / pointers,
Matthew