On Tue, Jun 13, 2017 at 02:07:02PM +0100, Tony Barganski wrote:
> Hi Jakub Hrozek
>
> I also have a use case for this. My situation is that we are building out
> Linux Server environments in AWS cloud for SAP clients and want a way to have
> centralised accounts for our engineers and allow customers to login with
> their Microsoft AD user accounts.
>
> I’ve been able to get this to work with the Linux Servers (CentOS 7)
> connected to our IPA Domain with a one-way trust relationship between our IPA
> Domain and the customer's AD forest; however, IPA is another set of
> infrastructure that we would rather do without and use our existing Microsoft
> AD domain with a one-way trust from customer to us.
>
> This doesn’t seem to work when the Linux Server is a member of our Microsoft
> AD domain.
>
> On Tue, Mar 01, 2016 at 12:10:30AM -0000, kprprl(a)gmail.com wrote:
> …
> <https://lists.fedorahosted.org/archives/list/[email protected]/thread/ZPUI2NMVQL2U4TYICBSAUB33MO6R3ZQ7/#>
> "Not supported at the moment short of joining the client to the two forests
> and defining two [domain] sections.”
>
> Q1. How can I join the client to two forests and define two [domain] sections?

Get a keytab, either with net ads join or create it on the AD side and copy
it to the Linux client. Then define the sssd.conf along the lines of:

[sssd]
domains = dom1, dom2

[domain/dom1]
id_provider=ad
ad_domain = dom1
# uncomment if autodiscovery doesn't work
#ad_server = dc.dom1

[domain/dom2]
id_provider=ad
ad_domain = dom2
ldap_krb5_keytab = /path/to/alternative/keytab
krb5_keytab = /path/to/alternative/keytab
# uncomment if autodiscovery doesn't work
#ad_server = dc.dom2

>
> On Tue, Mar 01, 2016 at 12:10:30AM -0000, kprprl(a)gmail.com wrote:
>
> “...It's planned but we're not there yet…”
>
> Q2. Any news on when this feature may be implemented on your Road Map?

No, sorry, at least not in the immediate future.
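
An added example, not part of the thread and not SSSD code: a small Python check for a two-forest sssd.conf of the kind described in the reply above. It reports a section defined twice, a domain listed under [sssd] without its own section, two domains resolving to the same keytab, and (optionally) keytab files accessible to group or other. The function name, the sample text and the one-keytab-per-forest rule are assumptions of this example.

```python
import configparser
import os
import stat

DEFAULT_KEYTAB = "/etc/krb5.keytab"  # SSSD falls back to the system keytab

# Constructed sample using the thread's placeholder names (dom1, dom2, keytab path).
SAMPLE_OK = """\
[sssd]
domains = dom1, dom2
[domain/dom1]
id_provider = ad
ad_domain = dom1
[domain/dom2]
id_provider = ad
ad_domain = dom2
ldap_krb5_keytab = /path/to/alternative/keytab
krb5_keytab = /path/to/alternative/keytab
"""

def check_sssd_conf(text, check_files=False):
    """Return a list of problems in a two-forest sssd.conf (empty list = clean)."""
    cp = configparser.ConfigParser(interpolation=None)  # strict: duplicates raise
    try:
        cp.read_string(text)
    except configparser.DuplicateSectionError as exc:
        return [f"section [{exc.section}] is defined twice"]
    problems, keytab_owner = [], {}
    listed = cp.get("sssd", "domains", fallback="")
    for dom in (d.strip() for d in listed.split(",") if d.strip()):
        sec = f"domain/{dom}"
        if not cp.has_section(sec):
            problems.append(f"{dom}: listed in [sssd] but [{sec}] is missing")
            continue
        keytab = cp.get(sec, "ldap_krb5_keytab", fallback=DEFAULT_KEYTAB)
        # Assumption taken from the reply's layout: one keytab per forest.
        if keytab in keytab_owner:
            problems.append(f"{dom}: same keytab as {keytab_owner[keytab]} ({keytab})")
        keytab_owner.setdefault(keytab, dom)
        if check_files:
            try:
                mode = os.stat(keytab).st_mode
            except OSError:
                problems.append(f"{dom}: keytab {keytab} cannot be inspected")
                continue
            if mode & (stat.S_IRWXG | stat.S_IRWXO):  # keys exposed to group/other
                problems.append(f"{dom}: keytab {keytab} mode {stat.S_IMODE(mode):o} is too open")
    return problems

if __name__ == "__main__":
    print(check_sssd_conf(SAMPLE_OK) or "no problems found")
```

Run it with check_files=True on the client itself so the keytab paths exist and their permissions can be inspected.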
