Ondrej Valousek said the following on 05/03/2013 04:16 PM:
> Also, many options from the ldap provider work for ad provider, too - it is a little secret :)
work - as in setting an ldap_.. setting - is also used by ad provider -
or do I rename the setting to ad_.. ?
> -----Original Message-----
> From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of Ondrej Valousek
> Sent: Friday, May 03, 2013 4:14 PM
> To: End-user discussions about the System Security Services Daemon
> Subject: Re: [SSSD-users] finding user - but says ldap result empty
> Yes, Kerberos binding is in use in case of the ad provider. But you can override Kerberos realm configuration in sssd.conf (moreover, several realms can be configured in krb5.conf - I do not see the conflict). All you need is valid machine principal in /etc/krb5.keytab which can be easily obtained with 'net ads join'.
> To me, the Kerberos setup is much easier/safer than hassling with the ldap bind user.
I would like to do that - but it still requires me to manually login to
100+ servers, and add them to the domain :(
I'll try to make it work with the ad provider - while hoping someone
knows what's up with the ldap provider, so I can use puppet to rollout
ldap config to all for now (and then setup puppet to switch to ad
provider - if the host has been joined to the AD :)
should I use samba3 or samba4 version - for net ads join ? (does it matter).
AFAIK samba3 should be fine - when I'm only going to have linux clients,
Klavs Klavsen, GSEC - email@example.com - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
sssd-users mailing list