[SSSD-users] Re: unexpected owner for credentials

2018-04-09 Thread Charles Hedrick
Thanks.The krb5_map_user option does actually work for mapping usernames. But it doesn’t solve the more serious problem, which is that id_provider = ipa leaves the credentials owned by the wrong UID. I tried auth_provider both ipa and krb5, and it both has the same problem. It appears that

[SSSD-users] Re: unexpected owner for credentials

2018-04-09 Thread Sumit Bose
On Mon, Apr 09, 2018 at 04:32:00PM +, Charles Hedrick wrote: > I’m trying to support an odd configuration. > > We have an IPA system, which is used in the normal way for systems run by > staff. But we have hundreds of systems run by faculty and grad students. I’d > like to encourage them to

[SSSD-users] unexpected owner for credentials

2018-04-09 Thread Charles Hedrick
I’m trying to support an odd configuration. We have an IPA system, which is used in the normal way for systems run by staff. But we have hundreds of systems run by faculty and grad students. I’d like to encourage them to integrate with our system. However their usernames and UIDs don’t

[SSSD-users] Re: Config for joining AD forest and Kerberos cross-domain authentication

2018-04-09 Thread Sumit Bose
On Mon, Apr 09, 2018 at 04:49:02PM +0200, Bastian Rosner wrote: > Am 2018-04-09 16:35, schrieb Sumit Bose: > > On Fri, Apr 06, 2018 at 10:21:11PM +0200, Bastian Rosner wrote: > > > On 04/06/2018 09:59 PM, Jakub Hrozek wrote: > > > > > > > > > > > > > On 6 Apr 2018, at 17:54, Bastian Rosner

[SSSD-users] Re: Experiencing a bug on users' name and ID

2018-04-09 Thread Asif Iqbal
On Mon, Apr 2, 2018 at 12:20 PM, Asif Iqbal wrote: > > > On Tue, Mar 27, 2018 at 4:43 AM, Sumit Bose wrote: > >> On Fri, Mar 23, 2018 at 06:13:39PM -0400, Asif Iqbal wrote: >> > On Thu, Mar 22, 2018 at 2:51 PM, Asif Iqbal wrote: >> > >> > >

[SSSD-users] Re: Config for joining AD forest and Kerberos cross-domain authentication

2018-04-09 Thread Joakim Tjernlund
On Mon, 2018-04-09 at 16:35 +0200, Sumit Bose wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > On Fri, Apr 06, 2018 at 10:21:11PM +0200, Bastian Rosner wrote:

[SSSD-users] Re: Config for joining AD forest and Kerberos cross-domain authentication

2018-04-09 Thread Sumit Bose
On Fri, Apr 06, 2018 at 10:21:11PM +0200, Bastian Rosner wrote: > On 04/06/2018 09:59 PM, Jakub Hrozek wrote: > > > > > > > On 6 Apr 2018, at 17:54, Bastian Rosner wrote: > > > > > > Unfortunately, users from other domains can't use their Kerberos ticket, > > > only