On 09/06/2016 07:02 AM, Jim Richard wrote:
I don't think what you're asking for is possible to do as a FreeIPA
configuration. The documentation describes how to log in without
prompting for passwords, but I think it is still necessary to provide
the username with AD realm when logging in.
So I have two-way trust set up and it seems to work.
And as described here:
SSSD allows user names in the
format user@AD.DOMAIN, ad.domain\user and AD\user
That works just as described.
I have two domains/realms - idm.placeiq.net and idm-ad.placeiq.net,
the second being the Active Directory domain.
My desire is to have AD be the source for all user/authentication -
the AD users will use their creds to ssh in to all of the CentOS hosts
in the idm.placeiq.net domain.
The hosts that live in IDM are a combination of CentOS 6.8 and 7.X hosts.
How can I make it so a user does not have to:
ssh 'IDM-AD\Administrator'@hostname or ssh
Instead when I say Administrator@hostname it auto-magically knows I
mean "ssh administra...@firstname.lastname@example.org
I’ve tried modifying krb5.conf as such but it seems like I’m missing
#default_realm = IDM.PLACEIQ.NET
default_realm = IDM-AD.PLACEIQ.NET
I think my clients use the localauth plugin but I’m not entirely sure.
If so, how can I configure its behavior?
SYSTEM ADMINISTRATOR III
PlaceIQ:Location Data Accuracy
If you're always logging in as the same user to certain machines, you
could configure a default user in the ssh_config.
Perhaps someone else will have a better answer.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project