[Freeipa-users] Debugging failed password checks (SSH) for AD users at the other end of 1-way trusts
Sumit Bose
sbose at redhat.com
Fri Dec 9 12:17:24 UTC 2016
On Thu, Dec 08, 2016 at 11:37:25AM -0500, Chris Dagdigian wrote:
>
> Massive thank you; will test ASAP.
>
> We mainly have to support CentOS/RHEL-6 and CentOS/RHEL-7 clients. Is there
> any established guidance on upgrading SSSD in these environments? Some sort
> of trusted repo where RPMs are built? I can hit the wiki and website but
> figured I'd ask as well. Not sure what other dependencies the SSSD framework
> may have or pull in.
You might want to have a look at
https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-14/ . Lukas is
doing a great job here in providing test-builds of the latest versions
release in Fedora for other/older platforms.
But please note those are test-build. You have to wait until CentOS
release the 7.3 packages to have an 'official' sssd-1.14 build.
HTH
bye,
Sumit
>
> Sumit Bose wrote:
> > }
> >
> > at the very beginning of /etc/krb5.conf before and include or includedir
> > directives should fix it. With the broken configuration libkrb5 thinks
> > that there direct trust between NAFTA.COMPANY.ORG and COMPANYIDM.ORG
> > which is not the case, everything has to go via COMPANY.ORG because
> > that's the domain which trusts COMPANYIDM.ORG.
> >
> > Updating SSSD to a version with the fix might help as well.
> >
> > HTH
>
More information about the Freeipa-users
mailing list