Hello I'm looking for a solution to use IPA and AD Users via IPA-provider for xorg Sessions on OL8. I've found some methods with "access_provider = ad" or "access_provider = simple" but i use "access_provider = ipa" in the sssd.conf to enforce rules.
The login an sudo-rulset works fine, i added the service xrdp to the rules on the server. sssd.conf [domain/mydomain.com] id_provider = ipa dns_discovery_domain = mydomain.com ipa_server = server.mydomain.com ipa_domain = mydomain.com ipa_hostname = host.mydomain.com auth_provider = ipa chpass_provider = ipa access_provider = ipa cache_credentials = True ldap_tls_cacert = /etc/ipa/ca.crt krb5_store_password_if_offline = True ldap_sudo_smart_refresh_interval = 900 ldap_sudo_full_refresh_interval = 300 [sssd] services = nss, pam, ssh, sudo domains = mydomain.com [nss] homedir_substring = /home [pam] [sudo] [autofs] [ssh] [pac] [ifp] [secrets] but i don't know if i have to set some informations in the xrdp.ini [Xorg] name=Xorg lib=libxup.so username=ask password=ask ip=127.0.0.1 port=-1 code=20 _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
