I'm having trouble authenticating to an AD domain with a disjointed namespace using SSSD. Here's what I'm up against:
netbios domain name: BLAH
to join to the domain I have to have workgroup: BLAH in smb.conf, which is not generally how smb and winbind are config'ed (usually it would be DS instead of BLAH).
but when I try to "su
user@ds.blah.com" I get an invalid password, and a log entry indicating "[sssd[krb5_child[29198]]]: Cannot resolve servers for KDC in realm "
BLAH.COM"". I'm assuming that it's looking for the KDC there because of the setting in smb.conf.
I'm running SSSD 1.9.2 on CentOS 6.5.
I've tried various settings googling around, and so my current sssd.conf file looks like:
[sssd]
services = nss, pam, ssh, pac
config_file_version = 2
debug_level = 10
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]
cache_credentials = False
krb5_store_password_if_offline = False
id_provider = ad
auth_provider = ad
access_provider = ad
ad_enable_dns_sites = True
krb5_canonicalize = false
debug_level = 5
Any suggestions would be greatly appreciated.
===================================
===================================
"The aim of education
is the knowledge,
not of facts,
but of values."
— William S. Burroughs
"I’m supposed to be
a scientific person
but I use intuition
more than logic
in making basic
decisions."
— Seymour R. Cray