So I have a two-way trust set up and it seems to work. And as described here:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-ssh.html

SSSD allows user names in the format [email protected], ad.domain\user and AD\user. That works just as described.

I have two domains/realms - idm.placeiq.net and idm-ad.placeiq.net, the second being the Active Directory domain.

My desire is to have AD be the source for all user/authentication - the AD users will use their creds to ssh in to all of the CentOS hosts in the idm.placeiq.net domain. The hosts that live in IDM are a combination of CentOS 6.8 and 7.X hosts.

How can I make it so a user does not have to:

    ssh 'IDM-AD\Administrator'@hostname

or

    ssh [email protected]@hostname

Instead, when I say Administrator@hostname it auto-magically knows I mean "ssh [email protected]@10.1.41.202".

I've tried modifying krb5.conf as such, but it seems like I'm missing a step.

    [libdefaults]
    #default_realm = IDM.PLACEIQ.NET
    default_realm = IDM-AD.PLACEIQ.NET

I think my clients use the localauth plugin but I'm not entirely sure. If so, how can I configure its behavior?

Jim Richard
SYSTEM ADMINISTRATOR III
(646) 338-8905
