On Tue, Feb 07, 2017 at 12:25:38PM +0100, Lukas Slebodnik wrote: > On (06/02/17 20:25), Jakub Hrozek wrote: > >On Sun, Feb 05, 2017 at 03:17:28AM -0000, [email protected] wrote: > >> Hi, > >> > >> I'm in an environment with several AD sites, each with a DC. When remote > >> sites' DCs are unreachable because of a VPN outage, I'm not able to > >> complete password authentication with sudo. > >> > >> Does sssd_krb5_locator_plugin.so work with sssd-ad? > > > >Yes, it should. > > > >> Do I need to put anything in krb5.conf to activate it? > > > >No, should be automatic. Does the file the locator plugin writes > >(/var/lib/sss/pubconf/kdcinfo.$REALM contain an address from the right > >DC? > There is an implicit assumption that the directory /var/lib/sss/pubconf/ > is included in krb5.conf. Otherwise it would not work.
It is /var/lib/sss/pubconf/krb5.include.d/ which should be included in /etc/krb5.conf. But the locator plugin would work even without the path included in krb5.conf. HTH bye, Sumit > IIRC new version of realmd does it. But it was not mention how sssd > was enrolled and which distro is used. > > LS > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
