You have to be careful if you use as me, SSSD and NFS4+krb ; NFS doesn’t agree on connection with sec=krb5 if hostname doesn't match the hostname in keytab file.
Best, Longina > -----Original Message----- > From: [email protected] [mailto:sssd-users- > [email protected]] On Behalf Of Jakub Hrozek > Sent: 22. november 2014 14:48 > To: [email protected] > Subject: Re: [SSSD-users] SSSD-AD: SamAccountName 20 character limit - > What does SSSD do with longer host names? > > On Thu, Nov 20, 2014 at 05:24:24PM +0000, John Hodrien wrote: > > On Thu, 20 Nov 2014, Joschi Brauchle wrote: > > > > >Yes, you are right, that is a solution. > > > > > >The reason I am asking is because we will be setting up tons of linux > > >hosts with a common SSSD config and thus would like to eliminate > > >special configs for individual hosts. > > > > > >Thus, instead of telling SSSD what to do (which would be a special > > >config for the affected host), we would like to know what SSSD will > > >do and adapt the creation of machine accounts to SSSD. This way, we > > >hope to solve the "long-hostname-problem" on the server side rather > > >than the client side. > > > > I wasn't even meaning it would be a special config. You make a > > machine with a long name, and you see what gets created in the keytab. > > Either SSSD works with it, or it doesn't. If it doesn't, it needs fixing > > in SSSD. > > I think this is a good point. SSSD should just work. > > I did a bit more research and it seems that both Windows clients and realmd > truncate the name. Then I think it would be a good idea to let SSSD also > search for: > SHORTNAME_UP_TO_15_CHARS$@REALM > instead of: > ANYTHING_UP_TO_THE_FIRST_DOT$@REALM > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
