Thanks - and congratulations!
But, what does it mean in practice for a multi-domain AD environment that "Global Catalog is searched for identity information"? Can we drop ldap search per domain? Is that search fully compatible with ldap/domain search?
Is then autofs/automount support fully integrated in sssd since 1.10.0? No need for automount attributes in AD's ldap?
I would need that version implementation in Ubuntu - do you know which Ubuntu distribution would go with it?
Best,
Longina
On 07/08/2013 08:38 AM, Longina Przybyszewska wrote:
> Thanks - and congratulations!
> But, what does it mean in practice for a multi-domain AD environment that "Global Catalog is searched for identity information"? Can we drop ldap search per domain? Is that search fully compatible with ldap/domain search?
> Is then autofs/automount support fully integrated in sssd since 1.10.0? No need for automount attributes in AD's ldap?
If you didn't have automount attributes in LDAP, how would you expect to get autofs to work? You need to get the information from somewhere.
> I would need that version implementation in Ubuntu - do you know which Ubuntu distribution would go with it?
I believe that Timo Aaltonen has already packaged it for the latest release and is working on the backports to older releases.
Sorry for that dummy question, but adding attributes for autofs seems to be troublesome for our MS team. If there is only one nfs-server it might be possible to build a default auto.home entry with key and mount point set to $name and $server name taken from sssd.conf[autofs]. Yes, it is a special case, but very convenient.
Best, Longina
-----Original Message-----
From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Stephen Gallagher
Sent: 8. juli 2013 14:45
To: sssd-users@lists.fedorahosted.org
Subject: Re: [SSSD-users] Announcing SSSD 1.10.0
_______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Mon, 2013-07-08 at 13:15 +0000, Longina Przybyszewska wrote:
> Sorry for that dummy question, but adding attributes for autofs seems to be troublesome for our MS team. If there is only one nfs-server it might be possible to build a default auto.home entry with key and mount point set to $name and $server name taken from sssd.conf[autofs]. Yes, it is a special case, but very convenient.
Isn't it just a matter of manually configuring autofs on your box then? What's the point of routing through sssd if the configuration is local anyway?
Simo.
>> Sorry for that dummy question, but adding attributes for autofs seems to be troublesome for our MS team. If there is only one nfs-server it might be possible to build a default auto.home entry with key and mount point set to $name and $server name taken from sssd.conf[autofs]. Yes, it is a special case, but very convenient.
> Isn't it just a matter of manually configuring autofs on your box then? What's the point of routing through sssd if the configuration is local anyway?
The advantage is to have all config in one file; config can differ per /domain.
Again - it is more my wishful thinking - basically I have not tried the [autofs] service in sssd yet.
Longina
You can configure sssd to map automount* attributes to something else - like nismap/nisobject (which is by default in AD schema). So no need to extend schema - just add a few more lines:
ldap_autofs_map_object_class = nisMap
ldap_autofs_entry_object_class = nisObject
ldap_autofs_map_name = nisMapName
ldap_autofs_entry_value = nisMapEntry
That should be it....
Ondrej
-----Original Message-----
From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Longina Przybyszewska
Sent: Monday, July 08, 2013 3:15 PM
To: 'End-user discussions about the System Security Services Daemon'
Subject: Re: [SSSD-users] Announcing SSSD 1.10.0
We have a similar situation and what you suggest looks OK, however I am having trouble figuring out what the actual entries look like on the AD side and how to populate them. Any pointers?
TIA,
Greg
-----Original Message-----
From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Ondrej Valousek
Sent: Monday, 8 July 2013 11:27 PM
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] Announcing SSSD 1.10.0
Pretty much standard: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/...
-----Original Message-----
From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Greg.Lehmann@csiro.au
Sent: Tuesday, July 09, 2013 6:06 AM
To: sssd-users@lists.fedorahosted.org
Subject: Re: [SSSD-users] Announcing SSSD 1.10.0
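An added example, not written by anyone in this thread: Python that emits LDIF for a nisMap and its nisObject entries in the shape the attribute mapping above expects, rejecting values that could inject extra LDIF lines. Assumptions: the base DN, server and export path are constructed; nosuid,nodev is this example's own policy; and cn is taken as the entry key, which on the sssd side would be ldap_autofs_entry_key = cn, an option the thread does not mention.

```python
import re

# nisMap/nisObject attribute names follow the sssd mapping quoted in the thread.
# Base DN, server, export path and the nosuid/nodev policy are constructed here.
KEY = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")      # map names and autofs keys
HOST = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")
PATH = re.compile(r"/[A-Za-z0-9_./-]*")
OPT = re.compile(r"[a-z0-9_]+(=[A-Za-z0-9_.]+)?")
REQUIRED_OPTS = ("nosuid", "nodev")


def checked(pattern, value):
    # fullmatch, not match: a newline anywhere in a value would let the caller
    # smuggle extra attribute lines into the generated LDIF.
    if not pattern.fullmatch(value):
        raise ValueError(f"rejected value: {value!r}")
    return value


def map_ldif(map_name, base_dn):
    """nisMap container; sssd finds it through nisMapName."""
    name = checked(KEY, map_name)
    return (f"dn: CN={name},{base_dn}\nobjectClass: top\nobjectClass: nisMap\n"
            f"cn: {name}\nnisMapName: {name}\n")


def entry_ldif(key, server, export, map_name, base_dn, opts=("rw",)):
    """nisObject entry: cn is the autofs key, nisMapEntry the mount spec."""
    key, name = checked(KEY, key), checked(KEY, map_name)
    merged = [checked(OPT, o) for o in opts]
    merged += [o for o in REQUIRED_OPTS if o not in merged]
    target = f"{checked(HOST, server)}:{checked(PATH, export).rstrip('/')}/{key}"
    return (f"dn: CN={key},CN={name},{base_dn}\nobjectClass: top\n"
            f"objectClass: nisObject\ncn: {key}\nnisMapName: {name}\n"
            f"nisMapEntry: -fstype=nfs,{','.join(merged)} {target}\n")


def build_home_map(users, server, export, base_dn, map_name="auto.home"):
    """One map plus one entry per user, for the single-NFS-server case."""
    parts = [map_ldif(map_name, base_dn)]
    parts += [entry_ldif(u, server, export, map_name, base_dn) for u in users]
    return "\n".join(parts)


if __name__ == "__main__":
    print(build_home_map(["alice", "bob"], "nfs1.example.com", "/export/home",
                         "OU=automount,DC=example,DC=com"))
```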
>> I would need that version implementation in Ubuntu - do you know which Ubuntu distribution would go with it?
> I believe that Timo Aaltonen has already packaged it for the latest release and is working on the backports to older releases.
I have checked through all Ubuntu distributions - the newest version - 10.9.4 is in Raring;
Ubuntu Precise LTS - has 10.8.6
Best regards
Longina
09.07.2013 11:54, Longina Przybyszewska wrote:
>>> I would need that version implementation in Ubuntu - do you know which Ubuntu distribution would go with it?
>> I believe that Timo Aaltonen has already packaged it for the latest release and is working on the backports to older releases.
> I have checked through all Ubuntu distributions - the newest version - 10.9.4 is in Raring;
> Ubuntu Precise LTS - has 10.8.6
it's 1.8.6
saucy has 1.10.0 since last Friday
t
On Mon, Jul 08, 2013 at 12:38:35PM +0000, Longina Przybyszewska wrote:
> Thanks - and congratulations!
> But, what does it mean in practice for multi domain AD environment that "Global Catalog is searched for identity information"?
The Global Catalog searches are useful in environments where multiple AD servers trust each other. With 1.10 you can resolve identity information and authenticate as users from trusted domains in the same forest.