Re: [Freeipa-users] AD Integration - /etc/krb5.conf requirements
On Thu, 28 Apr 2016, Alexander Bokovoy wrote:
> On Thu, 28 Apr 2016, Michael ORourke wrote:
>> I'm just looking for some clarification from the documentation:
>> http://www.freeipa.org/page/Active_Directory_trust_setup
>>
>> In the section that starts with "Edit /etc/krb5.conf", they mention a manual configuration to the krb5.conf file for machines that will be leveraging AD users:
>>
>> [realms]
>> IPA_DOMAIN = {
>>   auth_to_local = RULE:[1:$1@$0](^.*@AD_DOMAIN$)s/@AD_DOMAIN/@ad_domain/
>>   auth_to_local = DEFAULT
>> }
>>
>> Is this still required for sssd 1.13.0 and above?
>
> The actual requirement is MIT Kerberos 1.12+ where localauth plugin support was added. Then, of course, SSSD with localauth plugin implementation, which is SSSD 1.12.1+.

I've updated the section
http://www.freeipa.org/page/Active_Directory_trust_setup#Edit_.2Fetc.2Fkrb5.conf
with the information about SSSD support for localauth plugin.

Thanks for reporting it, Michael!

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] AD Integration - /etc/krb5.conf requirements
On Thu, 28 Apr 2016, Michael ORourke wrote:
> I'm just looking for some clarification from the documentation:
> http://www.freeipa.org/page/Active_Directory_trust_setup
>
> In the section that starts with "Edit /etc/krb5.conf", they mention a manual configuration to the krb5.conf file for machines that will be leveraging AD users:
>
> [realms]
> IPA_DOMAIN = {
>   auth_to_local = RULE:[1:$1@$0](^.*@AD_DOMAIN$)s/@AD_DOMAIN/@ad_domain/
>   auth_to_local = DEFAULT
> }
>
> Is this still required for sssd 1.13.0 and above?

The actual requirement is MIT Kerberos 1.12+ where localauth plugin support was added. Then, of course, SSSD with localauth plugin implementation, which is SSSD 1.12.1+.

--
/ Alexander Bokovoy
[Freeipa-users] AD Integration - /etc/krb5.conf requirements
I'm just looking for some clarification from the documentation:
http://www.freeipa.org/page/Active_Directory_trust_setup

In the section that starts with "Edit /etc/krb5.conf", they mention a manual configuration to the krb5.conf file for machines that will be leveraging AD users:

[realms]
IPA_DOMAIN = {
  auth_to_local = RULE:[1:$1@$0](^.*@AD_DOMAIN$)s/@AD_DOMAIN/@ad_domain/
  auth_to_local = DEFAULT
}

Is this still required for sssd 1.13.0 and above?

Thanks,
Mike
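
An added example, not part of the thread and not FreeIPA, SSSD or MIT Kerberos code: a small Python model of how the two auth_to_local lines quoted above turn a Kerberos principal into a local name, run on constructed principals. AD_DOMAIN, ad_domain and IPA_DOMAIN are the documentation's placeholders left as written, IPA_DOMAIN is assumed to be the default realm, and only the rule form shown in the thread is handled.

```python
import re

# Narrowed subset of the krb5.conf rule grammar (assumption of this example):
# RULE:[n:format](regexp)s/pattern/replacement/ with an optional trailing g.
RULE_RE = re.compile(
    r"^RULE:\[(\d+):([^\]]*)\](?:\((.*)\))?(?:s/([^/]*)/([^/]*)/(g?))?$")

# The two lines from the quoted [realms] block, placeholders left as written.
RULES = ["RULE:[1:$1@$0](^.*@AD_DOMAIN$)s/@AD_DOMAIN/@ad_domain/", "DEFAULT"]

def apply_rule(rule, principal, default_realm):
    """Return the local name this rule yields for principal, or None."""
    name, _, realm = principal.rpartition("@")
    comps = name.split("/")
    if rule == "DEFAULT":
        # DEFAULT applies only to one-component principals in the default realm.
        return name if realm == default_realm and len(comps) == 1 else None
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError("unsupported rule: " + rule)
    n, fmt, regexp, pat, repl, flag = m.groups()
    if len(comps) != int(n):
        return None  # component count must equal n
    parts = [realm] + comps  # $0 is the realm, $1..$n the components
    selection = re.sub(r"\$(\d)", lambda d: parts[int(d.group(1))], fmt)
    # The regexp must match the whole selection string, or the rule is skipped.
    if regexp is not None and not re.fullmatch(regexp, selection):
        return None
    if pat is not None:
        selection = re.sub(pat, lambda _m: repl, selection, count=0 if flag else 1)
    return selection

def auth_to_local(rules, principal, default_realm):
    """Try rules in order; the first one that yields a name wins."""
    for rule in rules:
        local = apply_rule(rule, principal, default_realm)
        if local is not None:
            return local
    return None  # no mapping: the principal has no local account name

if __name__ == "__main__":
    # Constructed principals; IPA_DOMAIN is taken as the default realm.
    for p in ["jsmith@AD_DOMAIN", "admin@IPA_DOMAIN",
              "host/web1@AD_DOMAIN", "jsmith@OTHER_REALM"]:
        print(p, "->", auth_to_local(RULES, p, "IPA_DOMAIN"))
```

A principal from a realm the rules do not name, or a two-component service principal from the AD realm, gets no local name at all, which is the fail-closed behaviour to confirm when auditing a hand-edited krb5.conf.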