Linux SSSD with two AD Domains
Solution 1:
OK, this is an old thread but I think it will be useful for some of us.
If you want to use sssd with more than one domain, you have to do this:
From https://access.redhat.com/solutions/4035171:
After the realm join command, add a second domain from a different forest to the [domain_realm] section of /etc/krb5.conf:
.dom1.local = DOM1.LOCAL
dom1.local = DOM1.LOCAL
And then join the domain dom1.local:
adcli join --host-keytab=/etc/krb5.keytab.dom1.local dom1.local
Change sssd.conf as follows:
[sssd]
domains = dom2.local,dom1.local
...
# Section name must match an entry in "domains" above
[domain/dom1.local]
ad_domain = dom1.local
krb5_realm = DOM1.LOCAL
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u@%d
access_provider = ad
timeout = 3600
krb5_keytab = /etc/krb5.keytab.dom1.local
ldap_krb5_keytab = /etc/krb5.keytab.dom1.local
And restart sssd: systemctl restart sssd
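A consistency check for the multi-domain layout described in the answer above, as an added example (not from the answer or the Red Hat article). The function name `check_sssd` is hypothetical, and the sample config is constructed, with one section header deliberately mismatched so the checker has something to report.

```python
import configparser

# Constructed sample: two AD domains, one section header deliberately
# mismatched ([domain/testing.com]) so the checker has something to report.
SAMPLE = """\
[sssd]
domains = dom2.local,dom1.local

[domain/dom2.local]
ad_domain = dom2.local
krb5_realm = DOM2.LOCAL
use_fully_qualified_names = False

[domain/testing.com]
ad_domain = dom1.local
krb5_realm = DOM1.LOCAL
use_fully_qualified_names = False
fallback_homedir = /home/%u@%d
krb5_keytab = /etc/krb5.keytab.dom1.local
ldap_krb5_keytab = /etc/krb5.keytab.dom1.local
"""

def check_sssd(text):
    """Return a list of findings for a multi-domain sssd.conf."""
    cp = configparser.ConfigParser(interpolation=None)  # values contain %u, %d
    cp.read_string(text)
    listed = [d.strip() for d in cp.get("sssd", "domains", fallback="").split(",") if d.strip()]
    sections = {s[len("domain/"):]: cp[s] for s in cp.sections() if s.startswith("domain/")}
    findings = []
    for name in listed:
        if name not in sections:
            findings.append(f"no [domain/{name}] section for listed domain")
    for name, sec in sections.items():
        if name not in listed:
            findings.append(f"[domain/{name}] is not listed in 'domains'")
        realm, ad = sec.get("krb5_realm"), sec.get("ad_domain")
        if realm and ad and realm != ad.upper():
            findings.append(f"[domain/{name}] krb5_realm {realm} != {ad.upper()}")
        if sec.get("krb5_keytab") != sec.get("ldap_krb5_keytab"):
            findings.append(f"[domain/{name}] krb5_keytab and ldap_krb5_keytab differ")
        short = sec.get("use_fully_qualified_names", "false").lower() == "false"
        if short and len(listed) > 1:
            findings.append(f"[domain/{name}] short names, {len(listed)} domains: names can collide")
    return findings

if __name__ == "__main__":
    for finding in check_sssd(SAMPLE):
        print(finding)
```

With short names enabled in more than one domain, a bare user name is looked up in the domains in the order given in `domains`, so the same login name in both forests resolves to the first match.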