Hi, I am trying to integrate TDE with Active Directory (SAMBA4). The system is fine, I can log in to it on the console or via SSH with the domain user, but in the TDM login manager it doesn't work.
Does someone know what I have to do to integrate/configure, or is it not working?
Thanks
deloptes via tde-users wrote:
> Hi, I am trying to integrate TDE with Active Directory (SAMBA4). The system is fine, I can login to it on the console or via SSH with the domain user, but in the TDM login manager it doesn't work.
> Does someone know what I have to do to integrate/configure, or it is not working?
This is from the sssd domain log ... no idea for now, but will look tomorrow. If someone knows better, they are welcome.
Configuration hint: PAM service 'tdm-trinity' is not mapped to any Group Policy rule. If you plan to use this PAM service it is recommended to use the ad_gpo_map_* family of options to map this PAM service to a Group Policy rule. PAM services not present in any map will fall back to value set in ad_gpo_default_right, which is currently set to Denied (see manual pages 'man sssd-ad' for more details).
deloptes via tde-users wrote:
> this is from sssd domain log ... no idea for now, but will look tomorrow. If someone knows better, is welcome
> Configuration hint: PAM service 'tdm-trinity' is not mapped to any Group Policy rule. If you plan to use this PAM service it is recommended to use the ad_gpo_map_* family of options to map this PAM service to a Group Policy rule. PAM services not present in any map will fall back to value set in ad_gpo_default_right, which is currently set to Denied (see manual pages 'man sssd-ad' for more details).
Amazing! Google's Gemini helped me solve the issue: add in /etc/sssd/sssd.conf under [domain/DOMAIN.SMTH] ... ad_gpo_map_interactive = +tdm-trinity
I may write a how-to for the wiki.
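
An added example, not part of the thread or of SSSD: a small Python check that reports which ad_gpo_map_* option covers a given PAM service in an sssd.conf, or the ad_gpo_default_right fallback that the log hint above warns about. The domain name EXAMPLE.TEST and both sample configs are constructed, and the default maps are only a subset of those listed in sssd-ad(5), which vary by SSSD version.

```python
import configparser

# Subset of the built-in maps listed in sssd-ad(5); the full lists vary by
# SSSD version, so check the man page on the host being audited.
DEFAULT_MAPS = {
    "ad_gpo_map_interactive": {"login", "su", "su-l", "kdm", "lightdm", "sddm", "xdm"},
    "ad_gpo_map_remote_interactive": {"sshd"},
    "ad_gpo_map_network": {"ftp", "samba"},
    "ad_gpo_map_batch": {"crond"},
    "ad_gpo_map_service": set(),
    "ad_gpo_map_permit": {"sudo", "sudo-i", "polkit-1", "systemd-user"},
    "ad_gpo_map_deny": set(),
}

def effective_map(option, raw):
    """Apply a configured '+svc' / '-svc' list on top of the defaults."""
    services = set(DEFAULT_MAPS[option])
    for item in (raw or "").split(","):
        item = item.strip()
        if item.startswith("-"):
            services.discard(item[1:])
        elif item:
            # Assumption: a bare name is treated like '+name'.
            services.add(item.lstrip("+"))
    return services

def gpo_right_for(conf_text, domain, pam_service):
    """Return the ad_gpo_map_* option covering pam_service, or the fallback."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    section = cp["domain/" + domain]
    for option in DEFAULT_MAPS:
        if pam_service in effective_map(option, section.get(option)):
            return option
    # Unmapped services get ad_gpo_default_right (documented default: deny).
    return "ad_gpo_default_right=" + section.get("ad_gpo_default_right", "deny")

# Constructed sample configs: before and after the fix from the thread.
BEFORE = """\
[domain/EXAMPLE.TEST]
id_provider = ad
access_provider = ad
"""
AFTER = BEFORE + "ad_gpo_map_interactive = +tdm-trinity\n"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        for svc in ("login", "sshd", "tdm-trinity"):
            print(label, svc, "->", gpo_right_for(conf, "EXAMPLE.TEST", svc))
```

Console and SSH logins work in both configs because login and sshd are in the default maps; only tdm-trinity changes from the deny fallback to the interactive map.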