On Thu, 2019-08-15 at 10:20 +0200, Sumit Bose wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > On Tue, Aug 13, 2019 at 02:05:06PM -0400, James Cassell wrote: > > Good afternoon, > > > > I'm working on a migration from Centrify to SSSD with Active Directory. > > Everything works quite well except for one item. Centrify has a feature to > > request a certificate from the AD CA that is automatically granted, given > > the AD credentials. This is used for wired 802.1x authentication, among > > other things. > > > > Is there a way to get an AD cert via SSSD or related tools such as adcli? > > (Centrify calls this command 'adcert'.) > > Hi, > > it looks like AD CS with NDES can support SCEP
Certmonger with CEP/CES plugin( https://github.com/ufven/cepces ) also works. There you get true AD Certs using keytab/kerberos for auth. I have tried it and works for Wifi at least. Jocke _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org