On (19/08/14 09:13), Gerardo Padierna wrote: >Hi, > >I'd like to know if it somehow possible to use sssd as a proxy authenticator, >by which I mean the following: >· I want to authenticate users defined on a windows AD 2003 server on a >Solaris box (sssd is not available) >· I'm already using sssd on RHEL boxes -> I'd like to maintain the same >UID/GID mapping on the Solarix boxes as those already used on the RHEL >machines >· I was wondering if there's a conf (or a hack) that makes it possible to >authenticate an AD user on a box (which can't run sssd) the following way: >Soraris box -> asks ldap server -> asks sssd (on same box or not) -> asks AD >Since sssd is a client, I can't figure out how to do that, but maybe there's >a way (that's why I was thinking that maybe, by combining an ldap server with >sssd, they could act together as an authentication provider). > >Again: The reason why not using directly just one ldap client on the Solaris >boxes is to maintain the same UID/GIDs already defined in other sssd-based >hosts. > >Thanks a lot for any suggestions on this.
I think this was an aim of FreeIPA and legacy clients. http://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts FreeIPA supports cross-realm trusts with Active Directory. You will need to install new version of FreeIPA (RHEL7, CentOS7) Hope it helps. LS _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
