Hello everyone,

I have a nice and working IPA v3 with trust to AD set up. On one of our SMTP servers (with authentication against a different LDAP via sssd) I have set up a saslauthd service which binds to our ipa server on 636/tcp using credentials and a certificate issued for a specific ipa user.

Sasl works perfectly well as long as I try to authenticate ipa users (who can be found with the ipa-user command), even with 2FA enabled, yet it fails if I try to authenticate an AD user who was 'imported' into IPA via the 'ipa group-add-member' command and the 'external group as a member of posix group' method. AD users can be seen using the 'id' command and can be allowed to log on to Linux servers, execute sudo commands based on hbac rules and so on. Even freeradius with OTP works. Alas, no sasl.

I know that probably it would be wiser to set sasl to ask AD directly, but I am just curious if it is possible to make it work via IPA.
Best regards
