Re: [Freeipa-users] CentOS IPA Client using Fedora IPA Server - SSO Fails from AD Trust domain

Wed, 05 Feb 2014 07:55:32 -0800 

Any one knows how to add new attribute or object class  to the user
accounts ...eg. added department and id creation date in those users info
field.

Can use 389 / redhat driectory console ? I tried to edit 99user.ldif seem
not shown up new attribute.

barry


2014-02-05 Martin Kosek <mko...@redhat.com>:

> Good! Note that we plan to enhance SSSD to leverage the new Kerberos
> authlocal
> API to avoid having to update krb5.conf on each system. This is the
> upstream
> ticket:
>
> https://fedorahosted.org/sssd/ticket/1835
>
> Martin
>
> On 02/05/2014 03:27 PM, Mark Gardner wrote:
> > Thanks, That was what I missed.
> >
> >
> > On Wed, Feb 5, 2014 at 2:39 AM, Alexander Bokovoy <aboko...@redhat.com
> >wrote:
> >
> >> On Tue, 04 Feb 2014, Mark Gardner wrote:
> >>
> >>> I'm trying to configure our CentOS IPA Client for Single Sign On from
> our
> >>> trusted AD domain.
> >>> SSO works fine when I ssh to the IPA server, but not to the CentOS
> Client.
> >>> It prompts for password which it accepts, so it's getting the
> >>> authentication from the AD domain.
> >>>
> >>> Fedora 20 IPA Server
> >>> CentOS 6.5 IPA Client
> >>> Win 2012 AD Domain Server
> >>>
> >>> Setup as IPA as a subdomain of AD.
> >>> AD Domain: test.local
> >>> IPA Domain: hosted.test.local
> >>>
> >>> Anybody run into this?  Suggestions?
> >>>
> >> Each client needs to be configured to accept AD users' SSO.
> >>
> >> Check that /etc/krb5.conf contains auth_to_local rules mapping
> principals
> >> from
> >> AD to their names as returned by SSSD.
> >>
> >> SSH daemon is picky about principal/name mapping.
> >> --
> >> / Alexander Bokovoy
> >>
> >
> >
> >
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users@redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> >
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to