Hi,
This is sssd-1.9.4 on Ubuntu 12.10:
    id_provider = ad
    auth_provider = krb5
Users in domain c.my.domain with userPrincipalName=name@student.my.domain
cannot log in to the computer.
The computer has joined AD in yet another domain, 'nat.c.my.domain'.
All user information can be retrieved from AD, from that computer, at
least with the commands:
    ldapsearch (as user, after kinit user_name@c.my.domain),
or as root on that computer:
    id name@student.my.domain
    id name@c.my.domain
    id name
From krb5_child.log I can see that Kerberos refuses to issue a TGT, as
the search is done for a non-existent realm:
    name@STUDENT.MY.DOMAIN
Apparently, the domain part of the UPN is treated as the krb realm.
I have mapped the student.my.domain domain to the C.MY.DOMAIN realm in
/etc/krb5.conf:
    [domain_realm]
    ...
    student.my.domain = C.MY.DOMAIN
    ....
and in sssd.conf I have configured the domain pointing to the C.MY.DOMAIN realm:
    [domain/student.my.domain]
    ....
    krb5_realm = C.MY.DOMAIN
    ....
Is there any way to configure sssd to fix it?
Longina
--
Longina Przybyszewska
IT-Service,
University of Southern Denmark,
Campusvej 55,
DK-5230 Odense M, Denmark
Phone Direct: +45 6550 2359
--
_______________________________________________
sssd-users mailing list
https://lists.fedorahosted.org/mailman/listinfo/sssd-users