On Mon, Aug 24, 2015 at 11:20:33AM +0200, Anthony Gautier De Lahaut wrote:
Hi,
I would like to contact you because I have a problem with authentication via
SSSD.
I will explain my problem...
I have 2 forests, LESLANDES.LOCAL and ESSONNE.LOCAL.
_LESLANDES.LOCAL is composed of:_
- srv.LESLANDES.LOCAL (WS 2012 R2: AD (+ trust relationship), DNS (+ DNS
Forwarders)).
- client.LESLANDES.LOCAL (CentOS 6.7: SSSD (sssd-1.12.4-47.el6.x86_64)).
_ESSONNE.LOCAL is composed of:_
- srv.ESSONNE.LOCAL (WS 2012 R2: AD (+ trust relationship), DNS (+ DNS
Forwarders)).
LESLANDES.LOCAL domain users (e.g. bwillis(a)LESLANDES.LOCAL) can log in on
client.LESLANDES.LOCAL, but logins for ESSONNE.LOCAL domain users don't work...
I have followed and read different topics but nothing...
https://fedorahosted.org/sssd/wiki/InternalsDocs#a4.2.MultipleDomainsandT...
http://jhrozek.livejournal.com/
SSSD currently does not support AD-AD cross-forest. You already created
two separate entries in sssd.conf for both domains but you have to join
both domains as well. The error messages you have on the last page of
the pdf file are caused by the fact that SSSD tries to contact the KDC of
ESSONNE.LOCAL but only has keytab entries for LESLANDES.LOCAL.
I think it would be best to put the keytab entries for ESSONNE.LOCAL in
a different keytab file than the ones for LESLANDES.LOCAL and use
krb5_keytab in the ESSONNE.LOCAL section of sssd.conf to point to the
different keytab.
HTH
bye,
Sumit
Many thanks,
Regards,
Anthony.
PS: Attached are the details of the project (configuration and logs).
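
The layout suggested in the reply above, as an added sssd.conf sketch that is not taken from the thread or its attachment. It assumes the client has been joined to both domains; the ESSONNE.LOCAL keytab path is a hypothetical name, and the server names are the ones given in the question.

```ini
# /etc/sssd/sssd.conf (constructed sketch; assumes the client has been joined
# to both domains and a machine keytab exists for each)
[sssd]
config_file_version = 2
services = nss, pam
domains = LESLANDES.LOCAL, ESSONNE.LOCAL

[domain/LESLANDES.LOCAL]
id_provider = ad
ad_domain = LESLANDES.LOCAL
krb5_realm = LESLANDES.LOCAL
ad_server = srv.LESLANDES.LOCAL
# Default system keytab: holds only the LESLANDES.LOCAL machine principal.
krb5_keytab = /etc/krb5.keytab

[domain/ESSONNE.LOCAL]
id_provider = ad
ad_domain = ESSONNE.LOCAL
krb5_realm = ESSONNE.LOCAL
ad_server = srv.ESSONNE.LOCAL
# Hypothetical path: a separate keytab holding only the ESSONNE.LOCAL machine
# principal, so SSSD presents matching credentials to the ESSONNE.LOCAL KDC.
krb5_keytab = /etc/krb5.essonne.keytab
```

Both keytab files should be owned by root with mode 0600, and `klist -kt <file>` lists the principals in each so you can confirm that the two realms are not mixed in one file.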