You have to join AD in order to perform authorization tasks, bcs otherwise sssd has no way how to communicate with AD. If you only want to use AD to authenticate local users, then no join is indeed necessary, but then there is no need for sssd, just need to configure Kerberos.
-----Original Message----- From: Michael Dahlberg <[email protected]> Sent: Monday, April 20, 2020 10:40 PM To: [email protected] Subject: [SSSD-users] ID provider AD vs LDAP I'm attempting to setup SSSD using AD as the id provider. All the documentation that I've found results in the linux system joining the AD domain when configuring sssd in this manner. I would like to configure sssd running on RHEL to just do authorization (access_provider) against the AD domain and *not* actually join the AD domain. I assume that this would mean I should not set "access_provider = ad". Instead should this value be set to ldap? If I configure sssd to use LDAP as the access provider, how would I address the Active Directory domain ad.example.com using the "ldap://"; notation? Would there be any other changes that I would need to address in the sssd.conf examples that use ldap as the access provider? _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02%7C01%7Condrej.valousek%40adestotech.com%7Cc2be49b4c85243314b2108d7e56af68f%7C2ccd8edaa14a4b4f825ce6ad71d71b81%7C0%7C1%7C637230119889686299&sdata=h%2Bvs%2Bqfu3Ofi32YngNhBOQ55od%2Bzklmozkh1%2Bm40sWk%3D&reserved=0 List Guidelines: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Condrej.valousek%40adestotech.com%7Cc2be49b4c85243314b2108d7e56af68f%7C2ccd8edaa14a4b4f825ce6ad71d71b81%7C0%7C1%7C637230119889686299&sdata=rA27C%2FYO%2FvsmsWUmkrEarOsgS5jqSToK8sT5oCJkrNo%3D&reserved=0 List Archives: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted.org&data=02%7C01%7Condrej.valousek%40adestotech.com%7Cc2be49b4c85243314b2108d7e56af68f%7C2ccd8edaa14a4b4f825ce6ad71d71b81%7C0%7C1%7C637230119889686299&sdata=A2NEAkZbMTX0WsLqQaIhYmDtr5p%2FauZc68W81Tqv4I0%3D&reserved=0 _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
