Is there any option to configure a trust when the domains are NOT in the same forest? Has anyone tried this yet, maybe with kerberos?
I have an implementation where the stalling factor is going to be cross-forest one-way trusts, would be keen to find out if anyone else has tried this. Cheers, Jay > On 15 Aug, 2016, at 04:17, Jakub Hrozek <[email protected]> wrote: > > On Fri, Aug 12, 2016 at 04:51:41PM -0700, Guy Knights wrote: >> Hi, >> >> Can anyone confirm for me if SSSD supports authentication of users >> belonging to a trusted domain via an AD controller in the trusting domain? >> >> ie. A user attempts to log in as [email protected] on a client machine >> running SSSD, where SSSD has joined a domain test2.example.com and there is >> a 2-way forest trust between both domains. Is this supported? I've been >> trying to do so and so far it hasn't been working. > > As long as the two domains are in the same forest, then yes, you just > need to use the fully qualified name. > >> >> For the record, my setup is: >> >> AD controller domain test1: Windows server 2012 R2 >> AD controller domain test2: Windows server 2012 R2 >> Ubuntu 14.04 client running SSSD 1.12.5 > > But I would recommend to use something newer on the client side (1.13+) > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/admin/lists/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
