[SSSD-users] Re: Config for joining AD forest and Kerberos cross-domain authentication

2018-04-11 Thread Sumit Bose
On Tue, Apr 10, 2018 at 06:57:15PM +0200, Bastian Rosner wrote: > Hi, > > I think I found the solution. After I realized that putting a .k5login file > into $HOME results in a working cross-domain Kerberos authentication, a > search on this ML revealed the following: > > Add this to krb5.conf: >

[SSSD-users] Re: Config for joining AD forest and Kerberos cross-domain authentication

2018-04-10 Thread Bastian Rosner
Hi, I think I found the solution. After I realized that putting a .k5login file into $HOME results in a working cross-domain Kerberos authentication, a search on this ML revealed the following: Add this to krb5.conf: [plugins] localauth = {

[SSSD-users] Re: Config for joining AD forest and Kerberos cross-domain authentication

2018-04-09 Thread Sumit Bose
On Mon, Apr 09, 2018 at 04:49:02PM +0200, Bastian Rosner wrote: > Am 2018-04-09 16:35, schrieb Sumit Bose: > > On Fri, Apr 06, 2018 at 10:21:11PM +0200, Bastian Rosner wrote: > > > On 04/06/2018 09:59 PM, Jakub Hrozek wrote: > > > > > > > > > > > > > On 6 Apr 2018, at 17:54, Bastian Rosner

[SSSD-users] Re: Config for joining AD forest and Kerberos cross-domain authentication

2018-04-09 Thread Joakim Tjernlund
On Mon, 2018-04-09 at 16:35 +0200, Sumit Bose wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > On Fri, Apr 06, 2018 at 10:21:11PM +0200, Bastian Rosner wrote:

[SSSD-users] Re: Config for joining AD forest and Kerberos cross-domain authentication

2018-04-09 Thread Sumit Bose
On Fri, Apr 06, 2018 at 10:21:11PM +0200, Bastian Rosner wrote: > On 04/06/2018 09:59 PM, Jakub Hrozek wrote: > > > > > > > On 6 Apr 2018, at 17:54, Bastian Rosner wrote: > > > > > > Unfortunately, users from other domains can't use their Kerberos ticket, > > > only

[SSSD-users] Re: Config for joining AD forest and Kerberos cross-domain authentication

2018-04-06 Thread Bastian Rosner
On 04/06/2018 09:59 PM, Jakub Hrozek wrote: On 6 Apr 2018, at 17:54, Bastian Rosner wrote: Unfortunately, users from other domains can't use their Kerberos ticket, only password works. These users are specifying their domain on login. This all sounds like the issue is

[SSSD-users] Re: Config for joining AD forest and Kerberos cross-domain authentication

2018-04-06 Thread Jakub Hrozek
> On 6 Apr 2018, at 17:54, Bastian Rosner wrote: > > Unfortunately, users from other domains can't use their Kerberos ticket, only > password works. These users are specifying their domain on login. This all sounds like the issue is not on the SSSD level, but either the