Hello,
I have a setup with two different AD domains a.com and b.com in separate forests. I'm working with sssd-1.11.7.
Everything is fine apart from sudo. When I issue a sudo, sssd performs authentications always on domain A even if the user logged in belongs to domain B. How can I tell sssd to perform the searches in the domain of the logged in user?
Cristiano
On 07/29/2015 10:07 AM, Cumer Cristiano wrote:
> Hello,
> I have a setup with two different AD domains a.com and b.com in separate forests. I'm working with sssd-1.11.7.
> Everything is fine apart from sudo. When I issue a sudo, sssd performs authentications always on domain A even if the user logged in belongs to domain B. How can I tell sssd to perform the searches in the domain of the logged in user?
> Cristiano
Hi, if you want to share names between domains, I'm afraid you need to use use_fully_qualified_names set to true. But then it has to be also reflected by sudoUser attribute at this moment (we have a ticket to fix that).
That works! Thanks
Cristiano
On 29 Jul 2015, at 11:09, Pavel Březina pbrezina@redhat.com wrote:
> On 07/29/2015 10:07 AM, Cumer Cristiano wrote:
> > Hello,
> > I have a setup with two different AD domains a.com and b.com in separate forests. I'm working with sssd-1.11.7.
> > Everything is fine apart from sudo. When I issue a sudo, sssd performs authentications always on domain A even if the user logged in belongs to domain B. How can I tell sssd to perform the searches in the domain of the logged in user?
> > Cristiano
> Hi, if you want to share names between domains, I'm afraid you need to use use_fully_qualified_names set to true. But then it has to be also reflected by sudoUser attribute at this moment (we have a ticket to fix that).
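An added example, not code from the thread or from the SSSD project: a small Python audit of the two conditions in the reply above, namely that every configured domain sets use_fully_qualified_names and that each sudoUser value carries a domain suffix. The sssd.conf text and sudoUser values are constructed samples, and the check assumes the default name@domain format for qualified names.

```python
import configparser

# Constructed sample sssd.conf for the two-forest setup described in the thread.
SAMPLE_SSSD_CONF = """
[sssd]
services = nss, pam, sudo
domains = a.com, b.com

[domain/a.com]
id_provider = ad
use_fully_qualified_names = True

[domain/b.com]
id_provider = ad
"""

# Constructed sudoUser values, as they might be read from sudoRole entries.
SAMPLE_SUDO_USERS = ["alice@a.com", "bob", "%admins", "ALL", "carol@c.com"]


def audit_domains(conf_text):
    """Return (configured domains, domains lacking use_fully_qualified_names)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    domains = [d.strip() for d in cp.get("sssd", "domains").split(",") if d.strip()]
    missing = []
    if len(domains) > 1:  # names can only collide when several domains exist
        for dom in domains:
            sec = "domain/" + dom
            if not (cp.has_section(sec) and
                    cp.getboolean(sec, "use_fully_qualified_names", fallback=False)):
                missing.append(dom)
    return domains, missing


def audit_sudo_users(values, domains):
    """Flag plain-user sudoUser values that are not name@<configured domain>."""
    known = {d.lower() for d in domains}
    findings = []
    for v in values:
        # Scope choice: skip ALL and group/netgroup/uid/negation forms.
        if not v or v == "ALL" or v[0] in "%+#!":
            continue
        _, sep, dom = v.rpartition("@")
        if not sep:
            findings.append((v, "unqualified"))
        elif dom.lower() not in known:
            findings.append((v, "unknown domain"))
    return findings
```

Run it against the real /etc/sssd/sssd.conf text and the sudoUser values exported from the directory; any finding marks a rule that would not match a fully qualified login name.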
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users