So I have a two-way trust set up and it seems to work.

And as described here:

SSSD allows user names in the format user@AD.DOMAIN, ad.domain\user and AD\user

That works just as described.

I have two domains/realms - and, the second 
being the Active Directory domain.

My desire is to have AD be the source for all user/authentication - the AD 
users will use their creds to ssh in to all of the CentOS hosts in the domain.

The hosts that live in IDM are a combination of CentOS 6.8 and 7.X hosts.

How can I make it so a user does not have to:

ssh 'IDM-AD\Administrator'@hostname or ssh

Instead when I say Administrator@hostname it auto-magically knows I mean "ssh

I’ve tried modifying krb5.conf as such but it seems like I’m missing a step.

  #default_realm = IDM.PLACEIQ.NET
  default_realm = IDM-AD.PLACEIQ.NET

I think my clients use the localauth plugin but I’m not entirely sure. If so, 
how can I configure its behavior?

Jim Richard
(646) 338-8905
