Hi all, I'm jumping in to using sssd-ad here at BU. I'm able to domain join a
CentOS7 and pull our AD entries successfully but am having troubles with
ad_access_filter to restrict access to a group.
Due to FERPA restrictions here, we can't query memberOf for random people via a
machine account
ber 23, 2017 2:47 PM
To: sssd-users@lists.fedorahosted.org
Subject: [SSSD-users] Re: ad_access_filter question
On Wed, Nov 22, 2017 at 07:56:57PM +, Conwell, Nik wrote:
> Hi all, I'm jumping in to using sssd-ad here at BU. I'm able to domain join
> a CentOS7 and pull our AD entries successfu
On 11/24/17, 8:22 AM, "Jakub Hrozek" wrote:
>On Fri, Nov 24, 2017 at 10:02:15AM +0000, Conwell, Nik wrote:
>
>The simple access provider looks at user entry itself and their groups in
>the sssd cache - unlike the access filter, which is applied against the
Hi all, just curious what do you all do for Active Directory domain controllers
in the krb5.conf? Seems like "realm join" by default populates the krb5.conf
with the hostnames of all the AD KDCs discovered for the domain. All good
until we decided we are going to rename the KDCs to all new nam
so there's that.
also they maintain a load-balanced pool per location for those apps that are
not site-aware. Worst case, I could set my kdc = that.
That LB pool will always been right, as they slip in and out AD controllers.
Spike
On Fri, Oct 5, 2018 at 6:04 AM Conwell, Nik mailto:n...@bu.e
Hi all, can anyone offer some insight into how password authentication works
with sssd-ad on the 2.3 version (CentOS 8)? It doesn't seem to working as it
was under the 1.16. Details below.
We've been running SSSD 1.16 on CentOS7 for a while without issue. But on
CentOS 8 at the 2.3 levels we
Thanks Justin, very prescient. 😊
After looking through the logs it looks like we have a subdomain(?) or possibly
our root domain(?) that is being automatically discovered which is causing a
search for the host key and possibly is presenting some domain confusion as it
is trying to request a TG