Yes, I can also include that.
The configuration I was showing was a simple one, mainly I focused on
the library set as it is usually the most problematic part in old
distributions, but I will also include your comment as indeed makes more
As I was suggesting in the post, sssd is flexible enough admit multiple
configurations, once you get a working one you can work on improving it.
(Also I wanted to write that asap before I forget any important detail)
Your comment is very much appreciated and I will update accordingly
On 30/03/2015 01:16, Jakub Hrozek wrote:
On Mon, Mar 30, 2015 at 05:36:00AM +0100, g.fer.or...@unicyber.co.uk wrote:
Not sure if I am missing any bit.... but this was the thing in the end:
I managed to have it working and I have documented all those nasty bits
which might save people's time. The whole weekend gone but for the less has
I am including the SUDO bit which is usually a pain in my experience..
Thank you very much for documenting this, but wouldn't it be better to
use id_provider=ipa instead?
Then the configuration would be simpler, less error prone and would
authenticate more securely. You don't need to run ipa-client-install on
the box, you can generate the client keytab elsewhere and transfer it to
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project