All, When I was first crafting my sssd.conf file, I very much attempted to make all my sssd domains upper-case. Because in my (naive) view, an AD domain is just a Kerberos realm (+ LDAP + nice admin screens).
As you know, Kerberos is very much case-sensitive. (Technically, AD is not. but the convention in the /etc/krb5.conf file is to always put Kerberos realms in upper case). Back to sssd. When sssd auto-discovered the other parent and child domains, it discovered them in lower case. I was left with a mix of upper and lower-case sssd domains. Even worse, the one local AD domain showed up twice. Once in upper-case (explicitly defined in sssd.conf) and once in lower-case (auto-discovered). Eventually, I gave up and went with the (apparently recommended sssd) convention of lower-case sssd domain names. In the domain definition, I list the krb5_realm in upper case: [domain/amer.example.com] ... krb5_realm = AMER.EXAMPLE.COM This is extremely unimportant (lower case works). But is there an option to auto-discover sssd domains in upper case? Spike
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
