On Wed, Sep 19, 2012 at 08:35:21AM -0500, Michael Cronenworth wrote:
Ondrej Valousek wrote:
nope. You need to use tool AD sites and services to create AD site first (you should have done that anyway if you have AD controllers behind a slow VPN link).
OK, thanks. I am not an AD expert (nor the admin of the Windows network) so I did not understand what you meant. I got the site name and tried:
dns_discovery_domain = Sitename._sites.example.com
The LDAP and KERBEROS services detected the correct server name, but the KPASSWD service was "not found" so my system could not authenticate me.
For the record, the fact that the back end went offline if the kpasswd server could not be resolved is a bug we fixed during the 1.9 development: https://fedorahosted.org/sssd/ticket/1452