First, thanks for this great tool !
With a very simple setup, it allows me to use dozens of *Ubuntu 14.04 (sssd version 1.11.5-1ubuntu3) computers in the AD environment of my school, where I have two 2003 servers.
I tried to help a collegue to do the same in another school (where there is a mix of 2003 and 2008 servers), but I failed : the problem seems to come from Kerberos, because I found messages of this type in the sssd logs : "... has no support for encryption type". The enrollment of the computer in the realm was OK, but users login sometimes fails.
In some blog I can't find anymore, it was written that old encryption types (DES) was not supported anymore on 2008 servers, so I tried to force some Kerberos options ("krb5_use_kdcinfo = false" in sssd.conf and "allow_weak_crypto = 1" in /etc/krb5.conf).
The sssd logs let think that /etc/krb5.conf is looked, but the result is the same.
The only thing "working" was to prevent the computer to talk with the 2003 server with iptables, but this is a horrible and annoying hack.
So my question are :
- Does anyone alredy managed to use sssd in this type of environment ?
- Would you have any idea where to look for better debugging ?
Thanks very much,
_______________________________________________ sssd-users mailing list email@example.com https://lists.fedorahosted.org/mailman/listinfo/sssd-users
-- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc.