I think, rather than replicating your admin accounts, have a separate admin
realm, and then have all customer realms trust your admin realm, and use
those credentials.
-DTK
--
david t. klein
Cisco Certified Network Associate (CSCO11281885)
Linux Professional Institute Certification (LPI00016
When we originally designed SSSD, we looked at it as a solution for
dealing with LDAP and Kerberos identity and authentication for Linux and
UNIX clients. With our initial approach, we decided to include only
marginal support for Microsoft's Active Directory as a source of user
information (only su
My story is here:
https://bugzilla.redhat.com/show_bug.cgi?id=652609
And it seems to go nowhere. So, in quick - I still believe winbind is a piece of crap really (Simo forgives) for the reasons outlined above
in the link.
For the same reasons I believe you, SSSD engineers, are wasting your tim
Small update so I am not only throwing dirt on winbind:
Winbind has still its use if you can not use / do not have RFC2307 attributes
in AD.
So simply, if you want to use RFC2307 attributes, sssd is here for you. If not, go for winbind. But yet I would not bother about winbind
plugin for sssd a
On Fri, 2011-12-02 at 15:59 +0100, Ondrej Valousek wrote:
> Small update so I am not only throwing dirt on winbind:
>
> Winbind has still its use if you can not use / do not have RFC2307
> attributes in AD.
> So simply, if you want to use RFC2307 attributes, sssd is here for
> you. If not, go for
On 12/02/2011 04:06 PM, Stephen Gallagher wrote:
1) SSSD caching instead of nscd
Winbind has its own cache. We do not want to implement the yet another one
causing confusion, do we?
2) Support for multiple AD domains without trust
If needed, winbind itself should provide this functionality.
On Fri, 2011-12-02 at 08:01 -0600, david t. klein wrote:
> I think, rather than replicating your admin accounts, have a separate admin
> realm, and then have all customer realms trust your admin realm, and use
> those credentials.
In future this will be an easier way.
But right now trust relation
On Fri, 2011-12-02 at 10:06 -0500, Stephen Gallagher wrote:
> On Fri, 2011-12-02 at 15:59 +0100, Ondrej Valousek wrote:
> > Small update so I am not only throwing dirt on winbind:
> >
> > Winbind has still its use if you can not use / do not have RFC2307
> > attributes in AD.
> > So simply, if yo