On (19/08/14 09:13), Gerardo Padierna wrote:
Hi,
I'd like to know if it is somehow possible to use sssd as a proxy authenticator,
by which I mean the following:
· I want to authenticate users defined on a windows AD 2003 server on a
Solaris box (sssd is not available)
· I'm already using sssd on RHEL boxes -> I'd like to maintain the same
UID/GID mapping on the Solaris boxes as those already used on the RHEL
machines
· I was wondering if there's a conf (or a hack) that makes it possible to
authenticate an AD user on a box (which can't run sssd) the following way:
Solaris box -> asks ldap server -> asks sssd (on same box or not) -> asks AD
Since sssd is a client, I can't figure out how to do that, but maybe there's
a way (that's why I was thinking that maybe, by combining an ldap server with
sssd, they could act together as an authentication provider).
Again: The reason for not directly using just one ldap client on the Solaris
boxes is to maintain the same UID/GIDs already defined in other sssd-based
hosts.
Thanks a lot for any suggestions on this.

I think this was an aim of FreeIPA and legacy clients.
http://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts
FreeIPA supports cross-realm trusts with Active Directory.
You will need to install a new version of FreeIPA (RHEL7, CentOS7)
Hope it helps.
LS