On Tue, Apr 25, 2017 at 12:37:50PM -0000, kn@unwire.dk wrote:
> Hi.
> I have the following scenario:
> - 'example.com' domain running on premises
> - 'aws.example.com' domain running on 'Amazon Microsoft AD' in a VPC with a VPN connection to on premises
> - One-way trust created from aws.example.com to example.com
I'm sorry, but sssd so far only supports domains from a single forest. You can either join the client to each of the forests (and create multiple domain sections in sssd.conf), or use freeipa as you said, or use winbind.
> I'm currently able to log in to a Windows server joined to aws.example.com using example.com credentials. Now I want the same for our Linux servers running in the Amazon VPC and have tried using this guide: http://docs.aws.amazon.com/directoryservice/latest/admin-guide/join_linux_in...
> I am able to log in using credentials from aws.example.com like this: ssh user@aws.example.com (user is present in this domain). But I am not able to do it using ssh user@example.com (user is present in this domain).
> I have searched a lot on this topic and saw freeipa mentioned a few times, but I would rather avoid having to use extra software if necessary.
Yes, freeipa can help here in the sense that you would establish a trust to each of these forests.
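For the "join the client to each forest" option mentioned above, here is what a two-forest sssd.conf looks like. This is an added example and not configuration from this thread or from the sssd project; the keytab paths, the adcli invocation in the comments and the home-directory layout are assumptions. The point of the layout is that each [domain/...] section is an independent direct join, so the on-premises users are resolved through their own section rather than through the aws.example.com trust, which sssd does not follow across forests.

```ini
# Added example: one sssd.conf with a separate, independently joined
# [domain/...] section per forest. Not from the original thread.
# Assumptions: keytab paths under /etc/sssd/, joins performed with adcli.

[sssd]
config_file_version = 2
services = nss, pam
# Both forests are listed; sssd treats them as two unrelated domains.
domains = example.com, aws.example.com

[domain/example.com]
id_provider = ad
access_provider = ad
ad_domain = example.com
krb5_realm = EXAMPLE.COM
# Assumption: this join was written to its own keytab, e.g.
#   adcli join --host-keytab=/etc/sssd/example.com.keytab example.com
# so the second join cannot overwrite the first host's keys in /etc/krb5.keytab.
krb5_keytab = /etc/sssd/example.com.keytab
# Keep names qualified so 'user' in both forests cannot collide.
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
default_shell = /bin/bash
cache_credentials = True

[domain/aws.example.com]
id_provider = ad
access_provider = ad
ad_domain = aws.example.com
krb5_realm = AWS.EXAMPLE.COM
# Assumption: second join into its own keytab the same way as above.
krb5_keytab = /etc/sssd/aws.example.com.keytab
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
default_shell = /bin/bash
cache_credentials = True
```

With use_fully_qualified_names enabled, the login form is the qualified name, for example ssh -l user@example.com linuxhost and ssh -l user@aws.example.com linuxhost; a quick offline check on the host is id user@example.com after restarting sssd. Both keytabs and sssd.conf must be root-only (mode 0600), because each keytab is a machine credential for its forest. Note that this does not make the trust itself usable from Linux: if you cannot create a computer object in example.com for the VPC host, this option is not available and the freeipa or winbind routes remain.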