On 06/23/2016 05:23 AM, Kaplan, Andrew H. wrote:
> We are running CentOS 7.2 on a virtual machine, and we are trying to set up LDAP authentication.

In an AD environment, it's important to point out that you typically
can't do "ldap authentication". You can, but you'll need a service
account to do it, and none of the work you've described so far indicates
that you've set one up.

Instead of thinking about AD as LDAP, consider it a set of services that
should be used together. Technically, you'll use LDAP for identity and
Kerberos for authentication, but you should think of AD as providing
both identity and authentication.

The easy way to use AD is to use the realm tool to set up integration:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/realmd-domain.html

The details of setting up AD manually are described in excruciating
detail here:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/pdf/Windows_Integration_Guide/Red_Hat_Enterprise_Linux-7-Windows_Integration_Guide-en-US.pdf

If you use realmd, you should not need to edit sssd.conf at all. If you
decide to do things manually, I'd still recommend providing the complete
configuration description to "authconfig" and allowing it to write
sssd.conf for you.
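
An added example, not part of the original message: a small read-only check that classifies each domain in an sssd.conf as using the AD provider, as LDAP with no service account to bind with, or as LDAP bind authentication instead of Kerberos. The two sample configurations, the example.com names and the verdict strings are constructed for illustration; the option names are standard sssd.conf options.

```python
import configparser

# Constructed sample: AD treated as a plain LDAP server, no service account.
LDAP_ONLY = """[sssd]
domains = example.com
[domain/example.com]
id_provider = ldap
ldap_uri = ldap://dc1.example.com
ldap_search_base = dc=example,dc=com
"""

# Constructed sample: AD used as one service (identity and authentication).
AD_JOINED = """[sssd]
domains = example.com
[domain/example.com]
id_provider = ad
ad_domain = example.com
krb5_realm = EXAMPLE.COM
"""

def audit_sssd(text):
    """Return [(domain, verdict)] for every [domain/...] section."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    results = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        id_prov = dom.get("id_provider", "").strip().lower()
        # sssd uses id_provider for authentication when auth_provider is unset
        auth_prov = dom.get("auth_provider", id_prov).strip().lower()
        has_bind = "ldap_default_bind_dn" in dom and "ldap_default_authtok" in dom
        gssapi = dom.get("ldap_sasl_mech", "").strip().upper() == "GSSAPI"
        if id_prov == "ad":
            verdict = "ad"                       # LDAP identity + Kerberos auth
        elif id_prov == "ldap" and not (has_bind or gssapi):
            verdict = "ldap-no-service-account"  # nothing to bind to AD with
        elif auth_prov == "ldap":
            verdict = "ldap-bind-auth"           # works, but not Kerberos
        else:
            verdict = "ok"
        results.append((section.split("/", 1)[1], verdict))
    return results

if __name__ == "__main__":
    for label, conf in (("LDAP_ONLY", LDAP_ONLY), ("AD_JOINED", AD_JOINED)):
        print(label, audit_sssd(conf))
```
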