Hi,
I'd like to know if it is somehow possible to use sssd as a proxy authenticator, by which I mean the following:

· I want to authenticate users defined on a Windows AD 2003 server on a Solaris box (sssd is not available)
· I'm already using sssd on RHEL boxes -> I'd like to maintain the same UID/GID mapping on the Solaris boxes as those already used on the RHEL machines
· I was wondering if there's a conf (or a hack) that makes it possible to authenticate an AD user on a box (which can't run sssd) the following way:

  Solaris box -> asks ldap server -> asks sssd (on same box or not) -> asks AD

Since sssd is a client, I can't figure out how to do that, but maybe there's a way (that's why I was thinking that maybe, by combining an ldap server with sssd, they could act together as an authentication provider).

Again: The reason for not directly using just one ldap client on the Solaris boxes is to maintain the same UID/GIDs already defined in other sssd-based hosts.

Thanks a lot for any suggestions on this.

On (19/08/14 09:13), Gerardo Padierna wrote:
> Hi,
>
> I'd like to know if it is somehow possible to use sssd as a proxy authenticator, by which I mean the following:
>
> · I want to authenticate users defined on a Windows AD 2003 server on a Solaris box (sssd is not available)
> · I'm already using sssd on RHEL boxes -> I'd like to maintain the same UID/GID mapping on the Solaris boxes as those already used on the RHEL machines
> · I was wondering if there's a conf (or a hack) that makes it possible to authenticate an AD user on a box (which can't run sssd) the following way:
>
>   Solaris box -> asks ldap server -> asks sssd (on same box or not) -> asks AD
>
> Since sssd is a client, I can't figure out how to do that, but maybe there's a way (that's why I was thinking that maybe, by combining an ldap server with sssd, they could act together as an authentication provider).
>
> Again: The reason for not directly using just one ldap client on the Solaris boxes is to maintain the same UID/GIDs already defined in other sssd-based hosts.
>
> Thanks a lot for any suggestions on this.

I think this was an aim of FreeIPA and legacy clients.
http://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts

FreeIPA supports cross-realm trusts with Active Directory. You will need to install a new version of FreeIPA (RHEL7, CentOS7).

Hope it helps.
LS
Thanks for the tip, I'll give it a try! Have been reading some of the docs and it looks like it could be the right solution for us.
Will report back with updates on this.
Regards,
Gerardo

On 20/08/14 10:26, Lukas Slebodnik wrote:
> On (19/08/14 09:13), Gerardo Padierna wrote:
>> Hi,
>>
>> I'd like to know if it is somehow possible to use sssd as a proxy authenticator, by which I mean the following:
>>
>> · I want to authenticate users defined on a Windows AD 2003 server on a Solaris box (sssd is not available)
>> · I'm already using sssd on RHEL boxes -> I'd like to maintain the same UID/GID mapping on the Solaris boxes as those already used on the RHEL machines
>> · I was wondering if there's a conf (or a hack) that makes it possible to authenticate an AD user on a box (which can't run sssd) the following way:
>>
>>   Solaris box -> asks ldap server -> asks sssd (on same box or not) -> asks AD
>>
>> Since sssd is a client, I can't figure out how to do that, but maybe there's a way (that's why I was thinking that maybe, by combining an ldap server with sssd, they could act together as an authentication provider).
>>
>> Again: The reason for not directly using just one ldap client on the Solaris boxes is to maintain the same UID/GIDs already defined in other sssd-based hosts.
>>
>> Thanks a lot for any suggestions on this.
>
> I think this was an aim of FreeIPA and legacy clients.
> http://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts
>
> FreeIPA supports cross-realm trusts with Active Directory. You will need to install a new version of FreeIPA (RHEL7, CentOS7).
>
> Hope it helps.
>
> LS
> _______________________________________________
> sssd-users mailing list
> sssd-users@lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users