Our users would have following features with the SSSD setup (moving from NIS to
AD-integrated desktops with sssd):
-homedir kerberized NFS4 share
-passwdless ssh between ad-integrated machines
On the AD side we got POSIX attributes for users and several POSIX groups ; we use GC .
I am not sure if my assumption is right that localauth
plugin=sssd_krb5_localauth_plugin.so in krb5.conf triggers krb nfs-mount problem.
WE would like to login as AD principals =sSAMAccount names - also, short names system
wide (we can do because all name are unique across trusty cross realm);
May be our setup is very specific, as we started to build it with much earlier versions
of sssd,, and does not play well into 1.12.5 version?
In our case UPN names name@realm are different from name@fqdn;
Is there simple way to get authentication via 'name' in 1.12.5? (our names
(=sSAMAccount name) are unique across multi domain realm.
Should we stick to UPN names to avoid troubles?
UPN longina@realm
I am member of N.C.REALM domain - my Kerberos principal ticket is for longina(a)N.C.REALM
I would like to login as 'longina' ; eventually as 'longina@realm'
Best,
Longina
-----Oprindelig meddelelse-----
Fra: sssd-users-bounces(a)lists.fedorahosted.org [mailto:sssd-users-
bounces(a)lists.fedorahosted.org] På vegne af Jakub Hrozek
Sendt: 30. juli 2015 16:44
Til: sssd-users(a)lists.fedorahosted.org
Emne: Re: [SSSD-users] ssh passwordless with sssd-1.12.5 problem!!
On Thu, Jul 30, 2015 at 02:38:11PM +0000, Longina Przybyszewska wrote:
> I have Ubuntu -LTS with kernel 3.13.0-61 Sssd 1.12.5
>
> I am preparing production setup based on Ubuntu; gss-proxy looks a bit
adventures for production.
> What sssd vwrsion do you recommend for profuction?
> In Ubuntu repositories are 2 choices:
>
> 1.11.7
> 1.12.5
Both are pretty stable, but out of these two I would recommend 1.12.5
>
> Actually I really don't know what is getting wrong.
>
> best
> Longina
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users