Okay, so I have sssd-ad pretty much working on a Fedora 18 laptop,
but I'm not having much luck getting it going on RHEL 6.4, at least
not for GDM logins.
If I have the sssd daemon running, I get an authentication failure
using my domain username / password, and my local account login
takes orders of magnitude longer to complete than if sssd is shut
off. This is after I've manually (and successfully) completed 'kinit
<domain-username>' and 'net ads join -k', so I have a TGT and
two application principals (cifs and ldap) attached to my domain
user principal. There is also a valid krb5.keytab file in /etc/.
Now from my Fedora laptop, where I'm logged in with my domain
credentials (the same ones, obviously, as I'm trying to use from my
RHEL 6.4 workstation): if the sssd daemon is not running on the RHEL
6.4 workstation, an attempt to ssh from the laptop fails with an
authentication error. Once I start sssd on the workstation, my ssh
connection from the laptop succeeds without any password or
passphrase challenges - presumably because the kerberos credentials
are in force.
The files /etc/krb5.conf, /etc/samba/smb.conf, and
/etc/sssd/sssd.conf are identical on both systems, but obviously the
applications and libraries are different versions between Fedora 18
and RHEL 6.4. Has anyone here gotten everything working (with
Microsoft Active Directory) using sssd on RHEL 6.4?
Regards,
--
Harry Sutton
Global Solutions Support Engineering (GSSE)
GSD Customer Solution Center
Technology Services, Enterprise Group