Hi All - I'm new to this and was hoping for some help.
I have an AD server set up and working in the cloud but I want to set up a caching server locally so it will be quicker for my users. I'm looking to make this plain and simple and I want my server to hit the local server to authenticate to my AD server and cache the information locally.
I did some research and it shows I can do this with SSSD. I was able to join the domain as an admin, but when I try to authenticate it fails, saying it can't see the host via port 389. I'm not sure I'm barking up the right tree here, thanks.
sssd
Re: sssd
So is tcp port 389 open to your server on the AD DC? Be careful you don't open it to everyone, just to your own server.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: sssd
Hi - Thank you for your response, yes port 389 is open to the AD server. When I joined the domain using realm, doesn't it connect over that port? Below is my config:
[domain/mcsad.domain.com]
ad_server = mcsad.domain.com
ad_domain = mcsad.domain.com
krb5_realm = MCSAD.domain.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
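Added example, not part of the thread and not written by any poster: a Python check that reads the [domain/...] section of sssd.conf and reports, from the SSSD client's side, how each ad_server answers on TCP 389 and on the other TCP ports an AD client normally needs. Only port 389 is mentioned in the thread; the other ports and the function names ad_targets and check_tcp are assumptions made for this example.

```python
import configparser
import socket

# Constructed sample: the [domain/...] section posted in the thread (trimmed).
SAMPLE_CONF = """\
[domain/mcsad.domain.com]
ad_server = mcsad.domain.com
ad_domain = mcsad.domain.com
id_provider = ad
fallback_homedir = /home/%u@%d
"""

# TCP ports an SSSD AD client needs on the DC. Only 389 comes from the
# thread; the rest are the usual AD client ports (assumption for this page).
AD_TCP_PORTS = {53: "DNS", 88: "Kerberos", 389: "LDAP",
                464: "kpasswd", 3268: "Global Catalog"}


def ad_targets(conf_text):
    """Return {domain: [servers]} for every id_provider = ad section."""
    # interpolation=None: values such as /home/%u@%d contain literal '%'.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    targets = {}
    for section in cp.sections():
        if section.startswith("domain/") and cp.get(section, "id_provider", fallback="") == "ad":
            servers = cp.get(section, "ad_server", fallback="")  # comma-separated list
            targets[section.split("/", 1)[1]] = [s.strip() for s in servers.split(",") if s.strip()]
    return targets


def check_tcp(host, port, timeout=3.0):
    """Classify one TCP connection attempt from this client to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"      # name does not resolve from this client
    except ConnectionRefusedError:
        return "refused"          # host reachable, port closed or rejected
    except (socket.timeout, OSError):
        return "no-answer"        # typically dropped by a firewall, or no route


if __name__ == "__main__":
    with open("/etc/sssd/sssd.conf") as fh:   # file is readable by root only
        for domain, servers in ad_targets(fh.read()).items():
            for server in servers:
                for port, name in AD_TCP_PORTS.items():
                    print(f"{domain} {server}:{port} ({name}): {check_tcp(server, port)}")
```

A "refused" result means the connection attempt reached the host and was rejected, while "no-answer" usually means a firewall dropped it, which is the case where the rule on the DC side has to allow this client's address (and only that address).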
Re: sssd
"port 389 is open to the AD server."
One of us isn't clear about what you're saying here. It's the port needs to be open ON the AD server not TO it. Maybe that's what you meant but it's a funny way of saying it.