For years, most of the *nix folks here on campus have been content with good ol’ Samba and Winbind for inter-operating with Active Directory users and groups. But for various reasons, the new and supposedly “simpler” way has been to integrate SSSD directly through Kerberos and LDAP configurations to connect to AD. But we’ve had a huge uptick in people having trouble getting authentications to work with Kerberos.  We haven’t yet gone as far as doing low-level network tracing, but wondered if anyone has a definitive cookbook or guide they have followed that is complete/accurate and actually worked?  It is entirely possible that we have things set a bit too securely on the AD side, but we are looking for a baseline Linux config to test, not being expert Linux admins and all!   Thanks!   Erik

 

Erik Coleman Senior Manager, Enterprise Systems Technology Services at Illinois University of Illinois at Urbana-Champaign