On Fri, 22 Jan 2010, Simo Sorce wrote:

> On Fri, 22 Jan 2010 13:49:54 +0200 (EET)
> Timo Aaltonen <tjaal...@cc.hut.fi> wrote:
>
>>
>> Hi
>>
>> I've understood that sssd still isn't fully tested against an
>> Active Directory? We've got one and I'm trying to make an Ubuntu
>> linux client to work with it by using samba, MIT krb5 libs and sssd.
>> Things aren't going too strong though. AD seems to support only HOST$
>> -style principals and not SPN's, but even if I specify
>> ldap_sasl_authid to that I only get an "Invalid credentials" when the
>> daemon is trying to bind
>>
>> [sssd[be[AALTO]]] [sasl_bind_send] (4): Executing sasl bind mech: GSSAPI, user: NEXUS6$
>> [sssd[be[AALTO]]] [sasl_bind_send] (1): ldap_sasl_bind failed (49)[Invalid credentials]
>>
>> So, am I missing something or is there something to be fixed :)
>
> We have only experimental support to use AD as an LDAP server.
> But I don't think we ever tested using the host keytab and kerberos to
> authenticate system ldap connections against it.
>
> I think you should use winbind for now against AD.

Winbind doesn't work properly, it fails to map uidNumber while gidNumber etc. is mapped. I was hoping for sssd to work better, but guess I just have to file a bug against samba.

--
Timo Aaltonen
Systems Specialist
IT Services, Aalto University School of Science and Technology