Rob, All I have put into sssd.conf another domain in ldap acces_/auth_/id_ / ldap_uri/ldap_access_filter .. in my IPA client host When I come,first, to this IPA client host in root user and start command : su - user-from-other-domainBBB, or su - user-in-other-domainBBB@OTHER-REALM-BBB, *its running* *fine *with NSS/SSSD config. module.
But i cannot access directly from ssh command as: ssh user-from-other-domainBBB@ipa-client-hostAAA , or ssh user-in-other-domainBBB@OTHER-REAL-BBB@ipa-client-hosAAA The pb comes from SSH config. / SSSD ([ssh]) / ...? Can you help me ? Bien à vous Mr Karim Bourenane Le mer. 9 nov. 2022 à 08:13, Karim Bourenane <[email protected]> a écrit : > Hello Rob, all > > Thank you for your reply. > I have several and separate domain/realm server and client. > > My goal is to manage ( by devops teams only) all server's OS (IPA server + > IPA Client), inside or outside my AAA.com domain. > For the inside domain, no pb. > But outside domains, I need to know how I can do easeyer. > I don't want to create the same devops teams account's for all domains. > > How do you manage your outside servers domain ? by ssh key ? > Or what is the best way to do ? > > I need to configure the sssd.conf with other domain's ? > Merge the krb5 keytab file for the kerberos management ticket ? > > Thank you for your help. > Bien à vous > Mr Karim Bourenane > > > > > > Le mar. 8 nov. 2022 à 22:29, Rob Crittenden <[email protected]> a > écrit : > >> Karim Bourenane via FreeIPA-users wrote: >> > Hello Team >> > >> > Im on CentOS 7.9, with IPA server under 4.6.8. >> > My IPA server manages a domain/realm AAA.com.I would like it to be >> > accessible also via ssh from another domain/realm BBB.com and also to >> > use Kerberos token from BBB.comto use sudo management. >> > >> > It possible ? >> > >> > How should I proceed?If you could help me please. >> >> It sounds like you are trying to trust a different IPA domain. That is >> not currently supported. >> >> rob >> >>
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
