[EXTERNAL] Re: FreeRadius and Active Directory and SSSD

[White, Daniel E. (GSFC-770.0)[AEGIS]]

An observation:
The instructions seem to only cover winbind.
As an example, it says to use the "ntlm_auth" command.  That command is not part of sssd.
Is there a newer version of that guide page that uses sssd instead of winbind ?


On 5/9/22, 07:52, "Freeradius-Users on behalf of Alan DeKok" <freeradius-users-bounces+daniel.e.white=nasa.gov at lists.freeradius.org on behalf of aland at deployingradius.com> wrote:

    On May 9, 2022, at 7:31 AM, White, Daniel E. (GSFC-770.0)[AEGIS] via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
    > 
    > RHEL 8 server
    > Joined to AD domain using sssd for credentials
    > 
    > The file /etc/nsswitch.conf contains: 
    > 
    > passwd:     sss files systemd
    > group:      sss files systemd
    > netgroup:   sss files
    > automount:  sss files
    > services:   sss files
    > 
    > shadow:     files sss
    > hosts:      files dns myhostname
    > 
    > aliases:    files
    > ethers:     files
    > gshadow:    files
    > networks:   files dns
    > protocols:  files
    > publickey:  files
    > rpc:        files
    > 
    > This guide
    > https://wiki.freeradius.org/guide/freeradius-active-directory-integration-howto
    > says to append "winbind" to passwd, shadow, group, protocols, services, netgroup, automount
    > 
    > Is this going to break things ?

      If you want users to come directly from AD, then you can add winbind.  If instead you use sssd for users, and it connects to AD, then just list "sss".

      Alan DeKok.