[SSSD-users] Re: Replacement for Centrify adcert command
On Thu, 2019-08-15 at 10:20 +0200, Sumit Bose wrote:
CAUTION: This email originated from outside of the organization. Do
not click links or open attachments unless you recognize the sender and know the content
is safe.
On Tue, Aug 13, 2019 at 02:05:06PM -0400, James Cassell wrote:
> Good afternoon,
>
> I'm working on a migration from Centrify to SSSD with Active Directory.
Everything works quite well except for one item. Centrify has a feature to request a
certificate from the AD CA that is automatically granted, given the AD credentials. This
is used for wired 802.1x authentication, among other things.
>
> Is there a way to get an AD cert via SSSD or related tools such as adcli? (Centrify
calls this command 'adcert'.)
Hi,
it looks like AD CS with NDES can support SCEP
Certmonger with CEP/CES plugin( https://github.com/ufven/cepces ) also works. There you
get true AD
Certs using keytab/kerberos for auth.
I have tried it and works for Wifi at least.
Jocke