I'm wondering what the heck I'm doing wrong. I'm working on getting SSSD + KRB5 working against 2008 R2 AD. It's working fine in RHEL5 w/ the standard LDAP.conf configuration. I'm working on sssd, but am not getting a binddn connection to AD. Here's my config:

grep -vE '^#|^$' /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
[domain/default]
description = LDAP domain with AD server
enumerate = false
id_provider = ldap
chpass_provider = krb5
ldap_uri = ldap://usherdc103.domain.com ldap://usherdc104.domain.com
ldap_search_base = DC=Domain,DC=com
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_default_bind_dn = ldapbin...@domain.com
ldap_default_authtok_type = password
ldap_default_authtok = YAYYOUGOTME
ldap_pwd_policy = none
ldap_user_object_class = user
ldap_group_object_class = group
cache_credentials = True
krb5_realm = DOMAIN.COM
krb5_kdcip = usherdc103.domain.com,usherdc104.domain.com
krb5_chanegpw_principle = kadmin/changepw

wtf am I doing wrong, and is ldap for authentication better than krb5? Or should I stick with ldap for authorization and krb5 for authentication?

Thank you.
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel