On 12/10/2013 05:40 PM, Dan Candea wrote:
On 12/10/2013 05:21 PM, Jakub Hrozek wrote:
On Tue, Dec 10, 2013 at 04:57:47PM +0200, Dan Candea wrote:
On 12/09/2013 07:00 PM, Lukas Slebodnik wrote:
I would suggest configuring sssd against AD with realmd.
Debian >= jessie and Ubuntu >= raring contain this package.

http://packages.debian.org/jessie/realmd
http://packages.ubuntu.com/raring/realmd

LS
Thx, this gave me a new config to start-up, and finally it worked.

Any workaround until this https://fedorahosted.org/sssd/ticket/1560
is solved?
Can you try setting:
    ldap_user_ssh_public_key = sshPublicKey

I have it like this

[domain/2FA.TEST]
ad_server = 2fa-ad.2FA.TEST
ad_domain = 2FA.TEST
krb5_realm = 2FA.TEST
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%d/%u
access_provider = ad
krb5_use_enterprise_principal = True

debug_level = 10
enumerate = False
ldap_referrals = False
ldap_id_mapping = True
min_id = 1000
ad_access_filter = memberOf=CN=Linux-Admins,OU=Security Groups,DC=2FA,DC=TEST
ldap_user_search_filer = memberOf=CN=Linux-Admins,OU=Security Groups,DC=2FA,DC=TEST
ldap_user_ssh_public_key = sshPublicKey

but in the sssd_ldap log I can see
[sssd[be[2FA.TEST]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sshPublicKey]
.....
[sssd[be[2FA.TEST]]] [sdap_attrs_add_ldap_attr] (0x2000): sshPublicKey is not available for [testuser].


and in the ldapsearch I can see the attribute
sshPublicKey: ssh-rsa AAAAB.....


Thx
-- 
Dan Cândea
Does God Play Dice?
On sssd restart I can't see the
[dp_get_options] (0x0400): Option ldap_user_ssh_public_key has

Shouldn't it be there?

-- 
Dan Cândea
Does God Play Dice?