
sssd

Posted: 2019/05/22 19:18:08
by spivy66
Hi All - I'm new to this and was hoping for some help.

I have an AD server set up and working in the cloud, but I want to set up a caching server locally so it will be quicker for my users. I'm looking to make this plain and simple, and I want my server to hit the local server to authenticate to my AD server and cache the information locally.

I did some research and saw I can do this with SSSD. I was able to join the domain as an admin, but when I try to authenticate it fails, saying it can't see host via port 389. I'm not sure I'm barking up the right tree here, thanks.

Re: sssd

Posted: 2019/05/22 19:33:11
by TrevorH
So is tcp port 389 open to your server on the AD DC? Be careful you don't open it to everyone, just to your own server.

Re: sssd

Posted: 2019/05/22 19:50:50
by spivy66
Hi - Thank you for your response, yes port 389 is open to the AD server. When I joined the domain using realm, doesn't it connect over that port? Below is my config:

[domain/mcsad.domain.com]
ad_server = mcsad.domain.com
ad_domain = mcsad.domain.com
krb5_realm = MCSAD.domain.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad

Re: sssd

Posted: 2019/05/23 11:28:51
by spivy66
Is my setup right, can I do this with SSSD or am I missing something?

Re: sssd

Posted: 2019/05/23 14:35:00
by TrevorH
> port 389 is open to the AD server.

One of us isn't clear about what you're saying here. The port needs to be open ON the AD server, not TO it. Maybe that's what you meant, but it's a funny way of saying it.
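
Added example, not part of the thread and not written by either poster: one way to check from the SSSD client whether tcp/389 on each configured `ad_server` actually answers. The function names are hypothetical and the sample config is constructed from the section posted above.

```python
import configparser
import socket

# Constructed sample: the [domain/...] section posted in the thread, trimmed.
SAMPLE_CONF = """\
[domain/mcsad.domain.com]
ad_server = mcsad.domain.com
ad_domain = mcsad.domain.com
id_provider = ad
cache_credentials = True
fallback_homedir = /home/%u@%d
"""

def ad_servers(conf_text):
    """Return {domain: [servers]} for every id_provider = ad domain section."""
    # interpolation=None: values such as /home/%u@%d are not configparser templates.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    found = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        if cp.get(section, "id_provider", fallback="") != "ad":
            continue
        raw = cp.get(section, "ad_server", fallback="")
        # ad_server may be a comma-separated list; _srv_ means DNS discovery, not a host.
        hosts = [h.strip() for h in raw.split(",")]
        found[section[len("domain/"):]] = [h for h in hosts if h and h != "_srv_"]
    return found

def tcp_open(host, port=389, timeout=3.0):
    """True if a TCP connection to host:port completes from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name did not resolve
        return False

def report(conf_text, port=389):
    """Map each configured AD server to whether its LDAP port answers."""
    return {host: tcp_open(host, port)
            for hosts in ad_servers(conf_text).values() for host in hosts}

if __name__ == "__main__":
    # On a real client, read /etc/sssd/sssd.conf (root-only) instead of the sample.
    for host, ok in report(SAMPLE_CONF).items():
        print(f"{host}:389 {'reachable' if ok else 'NOT reachable'}")
```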