On 04/04/2015 04:13 PM, rone wrote:
> Dmitri Pal writes:
>> Maybe we should step back and discuss your environment.
>> What do you have and what are you trying to accomplish?
>
> Right now, these OpenStack hosts have sssd configured to allow login
> via PAM/LDAP against their AD credentials for individual users (as per
> /etc/security/access.conf). The goal is to allow login to AD groups,
> where groups are AD distribution lists.
>
> thanks
> rone

But you do not have POSIX in AD, at least for groups.
And you do not want to join systems into AD.
So in this case, AFAIU, you have to use the LDAP provider and treat AD as
a generic LDAP server but add some specific AD-related settings on top.

Can you share the sssd.conf that you currently have?
Please clean it of sensitive data like domain and host names before
sending it to the list.

--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.