Emmm.. Do you need the AD Administrator password? Why? If you need to join a Linux system to the AD domain you can ask the AD administratoe to do this. Or you can have a service account set up on AD which has the permissions to join to the domain.
On Fri, 11 Jan 2019 at 16:03, <[email protected]> wrote: > > > On Fri, Jan 11, 2019 at 6:50 AM Sumit Bose <[email protected]> wrote: > >> On Wed, Jan 09, 2019 at 12:47:34PM -0500, [email protected] wrote: >> > Looking for suggestion on ID mapping. >> > >> > I need to point to a ID provider over proxy >> > >> > I have not found a concrete solution or some hint about how to setup a >> > proxy to a ID provider and how sssd can point to that proxy for ID >> mapping. >> >> Can you rephrase your question? 'ID provider over proxy' should like you >> want some more details about SSSD's proxy provider as described in the >> sssd.conf man page. But this is unrelated to what I associate typically >> with 'ID mapping'. Please give a bit more details about what you are >> trying to achieve. >> >> > I am looking for a ID mapping solution. I do see following providers. > > “proxy”: Support a legacy NSS provider. > > “local”: SSSD internal provider for local users (DEPRECATED). > > “files”: FILES provider. See sssd-files(5) for more information > on how to mirror local users and groups into SSSD. > > “ldap”: LDAP provider. See sssd-ldap(5) for more information on > configuring LDAP. > > “ipa”: FreeIPA and Red Hat Enterprise Identity Management > provider. See sssd-ipa(5) for more information on > configuring FreeIPA. > > “ad”: Active Directory provider. See sssd-ad(5) for more > information on configuring Active Directory. > > I am looking for a suggestion. > ad - won't work as we will not be provided Administrator > password > ldap - won't work as IT says not to use LDAP and use kerberos > instead for all things UNIX auth > and to use /etc/passwd for id (yikes, we have 100s of > servers to manage) > files - I am not sure how to have a central files for all > accounts > local - seems deprecated > proxy - I am not sure how to set that up, but seems like easier > for a central ID provider? > > Please advise > > > > > > > >> bye, >> Sumit >> >> > >> > All my servers are CentOS 7. >> > >> > >> > -- >> > Asif Iqbal >> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu >> > A: Because it messes up the order in which people normally read text. >> > Q: Why is top-posting such a bad thing? >> >> > _______________________________________________ >> > sssd-users mailing list -- [email protected] >> > To unsubscribe send an email to [email protected] >> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> > List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >> _______________________________________________ >> sssd-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >> > > > -- > Asif Iqbal > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
