realmd and a cross-forest trusting ad

Comments 1

Anyone tried a configuration of cross-forest trusting active directory domains and realmd?

I would need to enable authentication using account and group information from the main domain in question for the joined domain and another trusted domain.

Additionally I'm interested if a local group defined on the primary domain of the AD that includes users of primary and a trusted domain is usable as an authentication group for the host?

Any luck in this config or is it just something that is better supported by IPA and not by realmd?

Started 2017-07-10T18:51:01+00:00 by

Jukka Palko

Community Member 47 points

Responses

JP Community Member 47 points

11 July 2017 11:56 AM

Jukka Palko

I guess I found a reason for this while searching more on the config this morning:

The third exception is if SSSD fails to support a specific feature that you require (i.e. one that winbind supports); indeed, not all use cases are addressed in the same way between SSSD and winbind. For example, SSSD does not support cross forest AD trusts when connected directly to AD (and winbind does).

So, I put winbind to work... Now I have two AD domain users available although it seems that smb.conf needs a bit of editing to make this really work after having done authconfig-tui work.

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

Responses