[Freeipa-users] Ubuntu sssd client -- FreeIPA Server fed from AD
Gonzalo Fernandez Ordas
g.fer.ordas at unicyber.co.uk
Mon Mar 30 14:51:56 UTC 2015
Hi Jakub
Yes, I can also include that.
The configuration I was showing was a simple one, mainly I focused on
the library set as it is usually the most problematic part in old
distributions, but I will also include your comment as indeed makes more
sense.
As I was suggesting in the post, sssd is flexible enough admit multiple
configurations, once you get a working one you can work on improving it.
(Also I wanted to write that asap before I forget any important detail)
Your comment is very much appreciated and I will update accordingly
Thanks
On 30/03/2015 01:16, Jakub Hrozek wrote:
> On Mon, Mar 30, 2015 at 05:36:00AM +0100, g.fer.ordas at unicyber.co.uk wrote:
>> Hey Guys
>>
>> Not sure if I am missing any bit.... but this was the thing in the end:
>>
>>
>> http://generations.menteyarte.org/archives/195-freeipa-server-and-SSSD-on-Ubuntu.html
>>
>> I managed to have it working and I have documented all those nasty bits
>> which might save people's time. The whole weekend gone but for the less has
>> been productive.
>>
>> I am including the SUDO bit which is usually a pain in my experience..
>>
>> Thanks
> Thank you very much for documenting this, but wouldn't it be better to
> use id_provider=ipa instead?
>
> Then the configuration would be simpler, less error prone and would
> authenticate more securely. You don't need to run ipa-client-install on
> the box, you can generate the client keytab elsewhere and transfer it to
> the client.
>
More information about the Freeipa-users
mailing list