https://bugzilla.redhat.com/show_bug.cgi?id=743509
Right now we have a script to join a machine to the IPA domain. We should have a similar script to join a machine to Active Directory domain. It should do the similar tasks - i.e.:

1. configure /etc/samba/smb.conf
2. net ads join (- just to get machine creds in /etc/krb5.keytab)
3. configure sssd.conf to have something like this:

    ldap_search_base = <search base>
    id_provider = ldap
    auth_provider = krb5
    chpass_provider = krb5
    cache_credentials = True
    ldap_sasl_authid = <hostname>$@<REALM>
    dns_discovery_domain = <REALM>
    krb5_realm = <REALM>
    ldap_sasl_mech = GSSAPI
    ldap_user_object_class = user
    ldap_group_object_class = group
    ldap_user_home_directory = unixHomeDirectory
    ldap_tls_cacertdir = /etc/openldap/cacerts
    ldap_schema = rfc2307bis

4. configure PAM modules for sssd
5. configure /etc/krb5.conf

Does it make any sense?
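As an added example (not part of the ticket or of SSSD), the following Python sketch checks a `[domain/...]` section of sssd.conf against the settings proposed above and flags a machine principal whose realm disagrees with `krb5_realm`. The names `check_domain`, `FIXED` and `SAMPLE`, and the realm, hostname and search base in the sample, are assumptions made for illustration.

```python
import configparser

# Settings from the ticket's proposed sssd.conf whose values are fixed.
FIXED = {
    "id_provider": "ldap",
    "auth_provider": "krb5",
    "chpass_provider": "krb5",
    "ldap_sasl_mech": "GSSAPI",
    "ldap_schema": "rfc2307bis",
}

def check_domain(conf_text, domain):
    """Return a list of problems found in [domain/<domain>] (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None)  # '$' must stay literal
    cp.read_string(conf_text)
    name = f"domain/{domain}"
    if not cp.has_section(name):
        return [f"missing section [{name}]"]
    sec, problems = cp[name], []
    for key, want in FIXED.items():
        if sec.get(key) != want:
            problems.append(f"{key} should be {want!r}, found {sec.get(key)!r}")
    realm = sec.get("krb5_realm", "")
    # ldap_sasl_authid is the machine principal: <hostname>$@<REALM>
    host, sep, authid_realm = sec.get("ldap_sasl_authid", "").partition("$@")
    if not host or not sep:
        problems.append("ldap_sasl_authid must look like <hostname>$@<REALM>")
    elif authid_realm != realm:
        problems.append("ldap_sasl_authid realm differs from krb5_realm")
    if not sec.get("ldap_search_base"):
        problems.append("ldap_search_base is not set")
    return problems

# Constructed sample: realm, hostname and search base are made up.
SAMPLE = """
[domain/ad.example.com]
ldap_search_base = dc=ad,dc=example,dc=com
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_sasl_authid = CLIENT1$@AD.EXAMPLE.COM
krb5_realm = AD.EXAMPLE.COM
ldap_sasl_mech = GSSAPI
ldap_schema = rfc2307bis
"""

if __name__ == "__main__":
    print(check_domain(SAMPLE, "ad.example.com") or "no problems found")
```

The check covers only the sssd.conf step; it does not verify that the machine keys are present in /etc/krb5.keytab.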
Fields changed
coverity: => description: https://bugzilla.redhat.com/show_bug.cgi?id=743509
milestone: NEEDS_TRIAGE => SSSD Deferred
patch: => 0
rhbz: =>
tests: => 0
testsupdated: => 0
upgrade: => 0
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=743509 743509]
The proposed configuration is not enough. The biggest challenge is actually joining the AD domain and provisioning keys to the host (equivalent of the 'net join' command). This is now a part of the realmd project; however, it might make sense to pull some of the parts of the project into SSSD. This needs some further discussion. This is a critical piece of functionality for AD integration.
blockedby: => blocking: => description: https://bugzilla.redhat.com/show_bug.cgi?id=743509
feature_milestone: =>
milestone: SSSD Deferred => Temp milestone
priority: minor => critical
proposed_priority: => Blocker
summary: RFE: implement a script for joining to the Active Directory domain => RFE: implement a script/tool joining to the Active Directory domain
summary: RFE: implement a script/tool joining to the Active Directory domain => [RFE] implement a script/tool joining to the Active Directory domain
Moving all the features planned for 1.10 release into 1.10 beta.
milestone: Temp milestone => SSSD 1.10 beta
priority: critical => blocker
cc: => myllynen@redhat.com
design: =>
design_review: => 0
fedora_test_page: =>
selected: => Must
This will be handled by realmd.
resolution: => wontfix
status: new => closed
Metadata Update from @sgallagh: - Issue set to the milestone: SSSD 1.10 beta
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2075
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.