Hi, I'm coming from other OS - Arch Linux. So from my point of view:
- for NSS you pasted full config file and it is great https://sssd.io/docs/ad/ad-provider-manual.html#nss-pam-configuration - do the same for pam.d config so nobody gets confused - add info on which sssd/krb5 version it was tested, so it would be easier to troubleshoot if there is too old or too new sssd - I'd like to see some manual how to properly configure automount with AD with krb5 ticket authentication - some extra info about systemd-automount, if possible, if would work with DFS etc, as systemd-automount get's more popular (autofs was for some reason removed from Arch repos :( ) - maybe what is possible to fetch with GPO for Linux (printers with CUPS, shares with automount?), I read only this https://sssd.io/design-pages/active_directory_gpo_integration.html - more screenshots how to configure GPO, LDAP schema in Windows eg. I see in man sssd-ad line "When the autofs provider is set to “ad”, the RFC2307 schema attribute mapping (nisMap, nisObject, ...) is used, because these attributes are included in the default Active Directory schema.". It would be extra feature to read more on your website with screenshots - maybe PAM.D + AD configure of Smartcard implementation - I can't find myself in menu schema. I googled this site: https://sssd.io/design-pages/autofs_integration.html ; I have no idea how to get there if coming from htttps://sssd.io Anyway, nowadays SSSD has great docs anyway! Thanks for your work! ----- Pawel śr., 12 maj 2021 o 23:15 Spike White <[email protected]> napisał(a): > Pavel, > > To me, what was most helpful in the old documentation was the > architectural discussions embedded in the enhancement requests. When the > requests were satisfied. > > Examples: > use of short names in non-local domains > auto-discovery of trusted domains > > For instance, until I read that discussion I was unaware that if you > turned off auto-discovery and explicitly defined each child domain, that > sssd would no longer contact the global catalog (GC) and thus, full > membership in universal groups was not found. Only if you turned on > auto-discovery did the sssd code query the GC. this is not intuitive, so > having that documentation was a great help. > > Another example is the discussion of that better discovery algorithm for > AD DCs. It came out in a recent sssd release, maybe in the last 6-9 > months. But I can't find that algorithm discussion now. > > Spike > > On Wed, May 12, 2021 at 7:15 AM Pavel Březina <[email protected]> wrote: > >> Dear SSSD community, >> we have recently introduced new SSSD project web page at >> https://sssd.io. We would like to keep adding new content, we have >> plenty of ideas but we would also like to get some tips from you: >> >> What articles would you like to see on the page? What knowledge gaps are >> hard to fill with existing documentation? Feel free to suggest both user >> and developer facing content. >> >> Thanks, >> Pavel >> _______________________________________________ >> sssd-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >> Do not reply to spam on the list, report it: >> https://pagure.io/fedora-infrastructure >> > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
