sssd

spivy66
Posts: 3
Joined: 2019/05/22 19:12:05

sssd

Post by spivy66 » 2019/05/22 19:18:08

Hi All - I'm new to this and was hoping for some help.

I have an AD server set up and working in the cloud, but I want to set up a caching server locally so it will be quicker for my users. I'm looking to make this plain and simple, and I want my server to hit the local server to authenticate to my AD server and cache the information locally.

I did some research and saw I can do this with SSSD. I was able to join the domain as an admin, but when I try to authenticate it fails saying it can't see the host via port 389. I'm not sure I'm barking up the right tree here, thanks.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: sssd

Post by TrevorH » 2019/05/22 19:33:11

So is tcp port 389 open to your server on the AD DC? Be careful you don't open it to everyone, just to your own server.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

spivy66
Posts: 3
Joined: 2019/05/22 19:12:05

Re: sssd

Post by spivy66 » 2019/05/22 19:50:50

Hi - Thank you for your response. Yes, port 389 is open to the AD server. When I joined the domain using realm, doesn't it connect over that port? Below is my config:

[domain/mcsad.domain.com]
ad_server = mcsad.domain.com
ad_domain = mcsad.domain.com
krb5_realm = MCSAD.domain.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
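
An added diagnostic, not part of any post in this thread: it reads the ad_server value from a [domain/...] section like the one above and classifies a TCP connection attempt to port 389 made from the SSSD host. The function names `ad_servers` and `probe` and the 3-second timeout are assumptions made for this example.

```python
import configparser
import socket

# Constructed sample: keys copied from the [domain/...] section posted above.
SAMPLE_CONF = """\
[domain/mcsad.domain.com]
ad_server = mcsad.domain.com
ad_domain = mcsad.domain.com
id_provider = ad
fallback_homedir = /home/%u@%d
"""

def ad_servers(conf_text):
    """Map each id_provider=ad domain to the hosts listed in its ad_server."""
    # interpolation=None: values such as /home/%u@%d are not configparser templates.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    found = {}
    for section in cp.sections():
        if not section.startswith("domain/") or cp.get(section, "id_provider", fallback="") != "ad":
            continue
        # ad_server is a comma-separated list; an empty result means SSSD
        # locates domain controllers through DNS discovery instead.
        raw = cp.get(section, "ad_server", fallback="")
        found[section.split("/", 1)[1]] = [h.strip() for h in raw.split(",") if h.strip()]
    return found

def probe(host, port=389, timeout=3.0):
    """Classify one TCP connection attempt from this machine to host:port."""
    try:
        family, kind, proto, _, addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "dns-failure"        # name does not resolve from this client
    with socket.socket(family, kind, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
            return "open"
        except socket.timeout:
            return "filtered"       # no reply at all: packets are typically being dropped
        except ConnectionRefusedError:
            return "closed"         # host answered, but nothing accepts on that port
        except OSError:
            return "unreachable"    # no route to host, network down, and similar

if __name__ == "__main__":
    for domain, servers in ad_servers(SAMPLE_CONF).items():
        for host in servers:
            print(f"{domain}: {host}:389 -> {probe(host)}")
```

Run it on the machine where SSSD runs, feeding it the contents of /etc/sssd/sssd.conf; a `filtered` result points at a firewall or cloud security group between the client and the domain controller rather than at the SSSD configuration.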

spivy66
Posts: 3
Joined: 2019/05/22 19:12:05

Re: sssd

Post by spivy66 » 2019/05/23 11:28:51

Is my setup right, can I do this with SSSD or am I missing something?

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: sssd

Post by TrevorH » 2019/05/23 14:35:00

> port 389 is open to the AD server.
One of us isn't clear about what you're saying here. It's the port needs to be open ON the AD server not TO it. Maybe that's what you meant but it's a funny way of saying it.
