Okay, so I have sssd-ad pretty much working on a Fedora 18 laptop, but
I'm not having much luck getting it going on RHEL 6.4, at least not for
GDM logins.
If I have the sssd daemon running, I get an authentication failure using
my domain username / password, and my local account login takes orders
of magnitude longer to complete than if sssd is shut off. This is after
I've manually (and successfully) completed 'kinit <domain-username>' and
'net ads join -k', so I have a TGT and two application principals (cifs
and ldap) attached to my domain user principal. There is also a valid
krb5.keytab file in /etc/.
Now from my Fedora laptop, where I'm logged in with my domain
credentials (the same ones, obviously, as I'm trying to use from my RHEL
6.4 workstation): if the sssd daemon is not running on the RHEL 6.4
workstation, an attempt to ssh from the laptop fails with an
authentication error. Once I start sssd on the workstation, my ssh
connection from the laptop succeeds without any password or passphrase
challenges - presumably because the kerberos credentials are in force.
The files /etc/krb5.conf, /etc/samba/smb.conf, and /etc/sssd/sssd.conf
are identical on both systems, but obviously the applications and
libraries are different versions between Fedora 18 and RHEL 6.4. Has
anyone here gotten everything working (with Microsoft Active Directory)
using sssd on RHEL 6.4?
Regards,
--
*Harry Sutton*
Global Solutions Support Engineering (GSSE)
GSD Customer Solution Center
Technology Services, Enterprise Group