One minor thing (not sure if worth mentioning): When installing IDMU on windows server, it is quite useful to stop& disable the "server for NIS" service - it is not needed for the sssd functionality (not mentioning the security issues related to using NIS).
Ondrej ________________________________________ From: sssd-users-bounces@lists.fedorahosted.org [sssd-users-bounces@lists.fedorahosted.org] on behalf of Simo Sorce [simo@redhat.com] Sent: Friday, April 11, 2014 6:09 PM To: End-user discussions about the System Security Services Daemon Subject: Re: [SSSD-users] [SSSD] New AD provider howto
On Fri, 2014-04-11 at 11:14 -0400, Stephen Gallagher wrote:
Well, the major technical reason is that it would be a backwards-incompatible change. Updating the SSSD and changing that behavior could very easily mean suddenly locking a whole lot of people out of their system. There's really no easy way to change this unless we want to force an upgrade to set it explicitly to 'access_provider = permit', but that would still break if something like puppet overwrote it again.
Although there are risks, I think we should do it in the next major release.
Simo.
-- Simo Sorce * Red Hat, Inc * New York
_______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users