Hi Jakub

Yes, I can also include that.
The configuration I was showing was a simple one, mainly I focused on the library set as it is usually the most problematic part in old distributions, but I will also include your comment as indeed makes more sense. As I was suggesting in the post, sssd is flexible enough admit multiple configurations, once you get a working one you can work on improving it. (Also I wanted to write that asap before I forget any important detail)
Your comment is very much appreciated and I will update accordingly


On 30/03/2015 01:16, Jakub Hrozek wrote:
On Mon, Mar 30, 2015 at 05:36:00AM +0100, g.fer.or...@unicyber.co.uk wrote:
Hey Guys

Not sure if I am missing any bit.... but this was the thing in the end:


I managed to have it working and I have documented all those nasty bits
which might save people's time. The whole weekend gone but for the less has
been productive.

I am including the SUDO bit which is usually a pain in my experience..

Thank you very much for documenting this, but wouldn't it be better to
use id_provider=ipa instead?

Then the configuration would be simpler, less error prone and would
authenticate more securely. You don't need to run ipa-client-install on
the box, you can generate the client keytab elsewhere and transfer it to
the client.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to