Hi Eric,
I think I'm trying to achieve the same thing, and I actually asked a
similar question some time ago myself here
(https://lists.fedorahosted.org/pipermail/sssd-users/2014-August/002099.html).
The answer was: Take a look at FreeIPA server project.
I did, but I couldn't get it to work because the setup, as of now,
requires a two-way domain trust between AD and the IPA server/domain
(apart from CentOS >= 7.0 for the FreeIPA server). And so far, I
couldn't convince either the AD admins or my manager, boss,
blablabla to allow that....
Maybe it's a solution for you, though.
BTW, there've been some interesting questions in the same direction in
the corresponding FreeIPA user mailing list, like this thread:
https://www.redhat.com/archives/freeipa-users/2014-September/msg00276.html
Good luck!
Gerardo Padierna
On 03/10/14 at #4, Jakub Hrozek wrote:
On Fri, Oct 03, 2014 at 02:01:04PM +0200, Eric VS wrote:
> Hi all,
>
> I'm new to this list and to SSSD. I just set up SSSD so that our admins can
> authenticate on Linux using their Active Directory username. For this I
> have a centralized 'box' (AUTH01) in the production environment. Everything
> works on that single box authenticating to the AD. My question now is if
> there's a way to have other Linux VMs (CentOS 6.5) in that environment
> authenticate against that AUTH01 instance using only SSSD? Or do I need
> something on top of it?
>
> Sorry if this is a question that's already been asked but I've been
> searching the internet without any luck yet.
>
> Kind regards,
>
> *Eric *
>
> *E-mail: vs.eric(a)gmail.com <vs.eric(a)gmail.com>*
I don't think this is currently possible, SSSD only supports
authentication against an LDAP server, a KDC or variants of the latter
(AD, IPA, ...)
The IPA server mode currently does something similar, the IPA server
which is acting a bit like a proxy listens to requests from clients and
does a PAM conversation against locally running SSSD which talks to AD
servers. But still, there is a component (ns-slapd in that case) that
talks to the local SSSD and smart clients that talk to ns-slapd.
--
*Gerardo Padierna Nanclares*
Systems Technician (ASL group) - [Fujitsu / Logware]
Servicio de Sistemas de la Información (DGTI) - Generalitat Valenciana
C/.Castan Tobeñas 77 – 46018 Valencia – Edificio A
Tel: 961 208973
Email: asl.gerardo(a)gmail.com <mailto:asl.gerardo@gmail.com>