Can SSSD authenticate against multiple Active Directory Domains?

Solution Verified - Updated -

Issue

Two AD domains that are in a trust relationship.

DOMAIN1
DOMAIN2

Both domains are running 2003 and have the appropriate DNS SRV records configured for _ldap and _kerberos.

Keytab is generated for DOMAIN1, and SSSD is configured to authenticate against a DOMAIN1 AD server. getent passwd runs successfully on the client against AD users and groups in DOMAIN1 but not for objects in DOMAIN2.

Environment

  • Red Hat Enterprise Linux (RHEL) 5
  • Red Hat Enterprise Linux (RHEL) 6
  • SSSD

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content