[Freeipa-users] CentOS IPA Client using Fedora IPA Server - SSO Fails from AD Trust domain

barrykfl at gmail.com barrykfl at gmail.com
Wed Feb 5 15:47:22 UTC 2014


Does anyone know how to add a new attribute or object class to the user
accounts, e.g. adding department and ID creation date to those users' info
fields?

Can I use the 389 / Red Hat Directory console? I tried to edit 99user.ldif,
but the new attribute does not seem to show up.

barry


2014-02-05 Martin Kosek <mkosek at redhat.com>:

> Good! Note that we plan to enhance SSSD to leverage the new Kerberos authlocal
> API to avoid having to update krb5.conf on each system. This is the upstream
> ticket:
>
> https://fedorahosted.org/sssd/ticket/1835
>
> Martin
>
> On 02/05/2014 03:27 PM, Mark Gardner wrote:
> > Thanks, That was what I missed.
> >
> >
> > On Wed, Feb 5, 2014 at 2:39 AM, Alexander Bokovoy <abokovoy at redhat.com> wrote:
> >
> >> On Tue, 04 Feb 2014, Mark Gardner wrote:
> >>
> >>> I'm trying to configure our CentOS IPA Client for Single Sign On from our
> >>> trusted AD domain.
> >>> SSO works fine when I ssh to the IPA server, but not to the CentOS Client.
> >>> It prompts for password which it accepts, so it's getting the
> >>> authentication from the AD domain.
> >>>
> >>> Fedora 20 IPA Server
> >>> CentOS 6.5 IPA Client
> >>> Win 2012 AD Domain Server
> >>>
> >>> Setup as IPA as a subdomain of AD.
> >>> AD Domain: test.local
> >>> IPA Domain: hosted.test.local
> >>>
> >>> Anybody run into this?  Suggestions?
> >>>
> >> Each client needs to be configured to accept AD users' SSO.
> >>
> >> Check that /etc/krb5.conf contains auth_to_local rules mapping principals
> >> from AD to their names as returned by SSSD.
> >>
> >> SSH daemon is picky about principal/name mapping.
> >> --
> >> / Alexander Bokovoy
> >>
>
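
The auth_to_local check suggested in the quoted reply, as an added example that is not part of the original thread: a simplified model of how MIT krb5 evaluates auth_to_local rules, run against a constructed krb5.conf fragment. The RULE line, the user names and the assumption that SSSD names AD users as user@test.local are illustrative; only the realm names come from the thread.

```python
import re

# Constructed krb5.conf fragment using the thread's realm names. The RULE line
# is an assumed example of an AD mapping rule, not quoted from the thread.
SAMPLE_KRB5_CONF = r"""
[realms]
 HOSTED.TEST.LOCAL = {
  auth_to_local = RULE:[1:$1@$0](^.*@TEST.LOCAL$)s/@TEST.LOCAL/@test.local/
  auth_to_local = DEFAULT
 }
"""

# RULE:[n:format](regex)s/pattern/replacement/g
RULE_RE = re.compile(r"RULE:\[(\d+):([^\]]*)\](?:\((.*)\))?((?:s/[^/]*/[^/]*/g?)*)$")

def auth_to_local_rules(conf_text, realm):
    """Return the auth_to_local values, in file order, from one realm stanza."""
    stanza = re.search(r"^\s*%s\s*=\s*\{(.*?)^\s*\}" % re.escape(realm),
                       conf_text, re.M | re.S)
    if not stanza:
        return []
    return re.findall(r"^\s*auth_to_local\s*=\s*(\S.*?)\s*$", stanza.group(1), re.M)

def map_principal(principal, rules, default_realm):
    """Apply the rules in order; return the local name, or None if none maps."""
    name, _, realm = principal.rpartition("@")
    comps = name.split("/")
    for rule in rules:
        if rule == "DEFAULT":
            # DEFAULT only maps single-component principals of the default realm.
            if realm == default_realm and len(comps) == 1:
                return comps[0]
            continue
        m = RULE_RE.match(rule)
        if not m or int(m.group(1)) != len(comps):
            continue
        parts = dict(enumerate([realm] + comps))  # $0 = realm, $1..$n = components
        s = re.sub(r"\$(\d)", lambda d: parts.get(int(d.group(1)), ""), m.group(2))
        if m.group(3) and not re.search(m.group(3), s):
            continue                              # selection regex did not match
        for pat, repl, g in re.findall(r"s/([^/]*)/([^/]*)/(g?)", m.group(4)):
            s = re.sub(pat, lambda _: repl, s, count=0 if g else 1)
        return s
    return None

if __name__ == "__main__":
    rules = auth_to_local_rules(SAMPLE_KRB5_CONF, "HOSTED.TEST.LOCAL")
    for p in ("jsmith@TEST.LOCAL", "admin@HOSTED.TEST.LOCAL"):
        print(p, "->", map_principal(p, rules, "HOSTED.TEST.LOCAL"))
```

A result of None for an AD principal means no rule on that client maps it to a local name; compare the mapped name with what `getent passwd` reports for the same user on the client.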