enterprise-ubuntu team mailing list archive

Thread
Date

Re: SSSD, should I be using it?

To: "enterprise-ubuntu@xxxxxxxxxxxxxxxxxxx" <enterprise-ubuntu@xxxxxxxxxxxxxxxxxxx>
From: Longina Przybyszewska <longina@xxxxxx>
Date: Thu, 21 Feb 2013 12:38:34 +0000
Accept-language: en-GB, da-DK, en-US
In-reply-to: <51235717.6030208@tieto.com>
Thread-index: AQHODinsDcqssrm630yWCg6MNKaNBJiA7ouAgAM36RA=
Thread-topic: [Enterprise-ubuntu] SSSD, should I be using it?

On 02/18/2013 11:46 PM, David Burke wrote:
> I often hear people mention SSSD as a good way to authenticate to 
> Active Directory or Samba. Is SSSD production ready on Ubuntu? Is 
> there a good getting started guide?
>
>>SSSD is definitely production ready. It's already in use for a long time on Fedoras and RedHats. Although SSSD is in the universe repository, Timo Aaltonen is really providing good support for it and >>it has a MIR (main inclusion request), so it will become part of main.

>>I don't have any getting started guide, if it's not on Google, perhaps somebody else has it.

I have a sssd instalation in our environment for evaluation - if it is production ready.

I love the concept - it is definitely our choice but I would wish Ubuntu follows more closely main development stream in Fedora.

Thanks to Timo Aaltonen who kindly responded promptly when I asked for the newest  updates+bugfixed sssd-1.9.x packages and put them into ppa repository-
then I could make the test installation.
You have to start with 1.9.x version if you do not have  SFU schema extensions in AD. 
1.9.2 can work with native AD-attributtes. 

The sssd with basic services [pam nss] works fine  - and you get  all the  features you mentioned.
 You need to download 1.9.4 version from ppa repository for Precise or Quantal. 

Good place to start is http://fedorahosted.org/sssd - a lot of docs, examples, Faq.

The other possible services [sudo autofs] don't work natively with sssd yet  because they are not linked to sssd * .so libraries 
at least in Precise and Quantal. Maybe not stable enough either.
Also 'realmd'  for automatic realm discovery and joining  AD domain doesn't follow its  development in Fedora.

For full featured sssd in Ubuntu we have to still wait.

>> From the info I've seen of it, there's a lot to configure.

>Well, isn't it the same for anything else? Perhaps I am paranoid, where I need to be able to fine-tune the software as it would run on hundreds of machines, but I still believe it's the case for anything else.

I like that configuration is in one and only one, sssd.conf file - you can put also all your comment there.
Isn't it beautiful?

Longina

References

SSSD, should I be using it?
From: David Burke, 2013-02-18
Re: SSSD, should I be using it?
From: Bolesław Tokarski, 2013-02-19