Yes, it is. sssd will do the first task for you, and for the second you need to install IDMU (Identity Management for Unix) and its migration assistant to migrate your maps into AD. Just note you will need Windows Server 2003 R2 or newer for this (older AD schema is incompatible w/ sssd).
Ondrej
On 10/16/2012 12:21 PM, Longina Przybyszewska wrote:
Hi list,
I am going to set up a proof-of-concept installation of Ubuntu (Precise) client/server using sssd to authenticate/authorize against Active Directory. At this moment everything seems to be a challenge - as I am an exclusive (ok ;-) almost exclusive...) hard-core Linux user.
As our Windows team is not ready with AD schema for Unix - my first exercise could be:
- get login/ssh authenticate (and change passwd) against AD
- get uid/gid/auto.home map/shell from existing Linux NIS server
Is my plan realistic?
Best regards
Longina Przybyszewska Systemprogrammør, IT Services
Tel. +45 6550 2359
Mobile +45 6011 2359
Fax +45 6550 2467
Email longina@sdu.dk
Web http://www.sdu.dk/ansat/longina
Addr. Campusvej 55, DK-5230 Odense M, Denmark
UNIVERSITY OF SOUTHERN DENMARK
_______________________________________________________________
Campusvej 55 * DK-5230 * Odense M * Denmark * Tel. +45 6550 1000 * www.sdu.dk
-----Original Message-----
From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Jakub Hrozek
Sent: 12 October 2012 22:40
To: sssd-devel@lists.fedorahosted.org; sssd-users@lists.fedorahosted.org; freeipa-interest@redhat.com
Subject: [SSSD-users] Announcing SSSD 1.9.2
=== SSSD 1.9.2 ===
The SSSD team is proud to announce the release of version 1.9.2 of the System Security Services Daemon.
This is mostly a bugfix release again. I am going to branch off the 1.9 branch from master so that we can start including the 1.10 features in master.
As always, the source is available from https://fedorahosted.org/sssd
RPM packages will be made available for Fedora shortly, initially for F-18 and rawhide and later also backported to F-17.
== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists:
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
== Highlights ==
* Users or groups from trusted domains can be retrieved by UID or GID as well
* Several fixes that mitigate file descriptor leak during logins
* SSH host keys are also removed from the cache after being removed from the server
* Fix intermittent crash in responders if the responder was shutting down while requests were still pending
* Catch an error condition that might have caused a tight loop in the sssd_nss process while refreshing expired enumeration request
* Fixed memory hierarchy of subdomains discovery requests that caused use-after-free access bugs
* The krb5_child and ldap_child processes can print libkrb5 tracing information in the debug logs
== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/1008 Make sssd api conf file location configurable
https://fedorahosted.org/sssd/ticket/1319 group lookups optimizations for IPA
https://fedorahosted.org/sssd/ticket/1499 Add details about TGT validation to sssd-krb5 man page
https://fedorahosted.org/sssd/ticket/1512 [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist
https://fedorahosted.org/sssd/ticket/1514 [abrt] sssd-1.8.4-13.fc16: __GI_exit: Process /usr/libexec/sssd/sssd_pam was killed by signal 6 (SIGABRT)
https://fedorahosted.org/sssd/ticket/1539 Collect Krb5 Trace on High Debug Levels
https://fedorahosted.org/sssd/ticket/1551 sssd_nss process hangs, stuck in loop; "self restart" does recover, but old process hangs around using 100% CPU
https://fedorahosted.org/sssd/ticket/1561 getting user/group entry by uid/gid sometimes fails
https://fedorahosted.org/sssd/ticket/1569 Use pam_set_data to close the fd in the pam module
https://fedorahosted.org/sssd/ticket/1571 sssd_nss intermittent crash
https://fedorahosted.org/sssd/ticket/1574 SSH host keys are not being removed from the cache
== Packaging Changes ==
* The libsss_sudo-devel package no longer contains the package-config file. The libsss_sudo-devel shared object has been moved to the libsss_sudo package.
== Detailed Changelog ==
E Deon Lackey (1):
* Fix language errors in the sssd-krb5.conf man page
Jakub Hrozek (14):
* Bumping the version to 1.9.1 release
* Fix uninitialized pointer read in ssh_host_pubkeys_update_known_hosts
* Fix segfault when ID-mapping an entry without a SID
* Fix memory hierarchy in subdomains discovery
* PAM: close socket fd with pam_set_data
* Couple of specfile fixes
* Remove libsss_sudo.pc and move libsss_sudo.so to libsss_sudo
* Two fixes to child processes
* Collect krb5 trace on high debug levels
* PAM: fix handling the client fd in pam destructor
* Create ghost users when a user DN is encountered in IPA
* Only call krb5_set_trace_callback on platforms that support it
* MAN: improve wording of default_domain parameter
* Updating the translations for the 1.9.2 release
Jan Cholasta (1):
* SSH: When host keys are removed from LDAP, remove them from the cache as well
Ondrej Kos (1):
* Add more info about ticket validation
Pavel Březina (3):
* do not fail if POLLHUP occurs while reading data
* do not call dp callbacks when responder is shutting down
* nss_cmd_retpwent(): do not go into infinite loop if n < 0
Sumit Bose (3):
* Save time of last get_domains request
* Check for subdomains if getpwuid or getgrgid are the first requests
* Allow extdom exop to return flat domain name as well
Thorsten Scherf (1):
* Fixed: translation bug
Yuri Chornoivan (1):
* Fix typos
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users