Ticket #364 (closed enhancement: fixed)

Opened 4 years ago

Last modified 11 months ago

[RFE] Recognize trusted domains in AD provider

Reported by: sgallagh Owned by: jhrozek
Priority: critical Milestone: SSSD 1.10 beta
Component: AD Provider Version: 1.0.0
Keywords: Cc: mooninite
Blocked By: Blocking:
Tests Updated: no Coverity Bug:
Patch Submitted: yes Red Hat Bugzilla: 969883
Design link: https://fedorahosted.org/sssd/wiki/DesignDocs/GlobalCatalogLookups
Feature Milestone:
Design review: yes Fedora test page:
Chosen: Want Candidate to push out: no
Release Notes: If the SSSD client is joined to a Windows domain which is part of a forest, Global Catalog lookups should be able to resolve all users and groups in the forest and not only the ones from the joined domain.

Description (last modified by dpal) (diff)

This ticket changed its shape. The CIFS client and server side tickets have been forked out as separate tickets. https://fedorahosted.org/sssd/ticket/1534 https://fedorahosted.org/sssd/ticket/1573

The scope of this ticket is reduced to AD provider must support trusted domains in the similar way how ipa provider does it.

Change History

comment:1 Changed 4 years ago by sbose

  • Owner changed from somebody to sbose
  • Status changed from new to assigned

comment:2 Changed 4 years ago by sbose

  • Milestone changed from NEEDS_TRIAGE to SSSD 1.2

comment:3 Changed 4 years ago by sgallagh

  • Milestone changed from SSSD 1.2 to SSSD 1.3

comment:4 Changed 4 years ago by dpal

  • Milestone changed from SSSD 1.3 to SSSD 2.0

comment:5 Changed 3 years ago by mooninite

  • Cc mooninite added
  • upgrade set to 0

I currently use 389, Samba 3, and sssd. Windows clients can interact with Samba/389 just fine. Linux clients can use sssd/389 just fine, too. However, if a Linux user wants to keep a Windows workstation as well, they have to use smbldap-tools, or Windows, to set the Samba password in the port389 database so that their password is in sync between the UNIX and NT worlds.

IMHO, the simplest way to have sssd interact with Samba is to mimic the functionality of the smbldap-passwd perl script. Then linux clients can change passwords with traditional tools.

Samba 4 will be a different beast (built-in LDAP) so there may need to be split bugs for Samba3/4. Currently RHEL and Fedora only ship Samba 3 binaries (the samba 4 packages are libraries only, no daemons/tools) so it would be nice, and should be trivial, to add simple password support for at least Samba 3.

comment:6 Changed 3 years ago by dpal

  • Milestone changed from SSSD 2.0 to NEEDS_TRIAGE

comment:7 Changed 3 years ago by dpal

  • Owner changed from sbose to pzuna
  • Milestone changed from NEEDS_TRIAGE to SSSD 1.7.0
  • Status changed from assigned to new

This is the effort pzuna investing his time in at the moment.

comment:8 Changed 3 years ago by sgallagh

  • Component changed from Data Provider to Winbind Provider
  • Patch Submitted unset

comment:9 Changed 3 years ago by sgallagh

  • Summary changed from Implement Samba provider to Implement Winbind provider
  • Milestone changed from SSSD 1.7.0 to SSSD 1.6.0

comment:10 Changed 3 years ago by dpal

  • Milestone changed from SSSD 1.6.0 to SSSD 1.8.0

comment:11 Changed 2 years ago by dpal

  • Milestone changed from SSSD 1.8.0 to NEEDS_TRIAGE

comment:12 Changed 2 years ago by dpal

  • Milestone changed from NEEDS_TRIAGE to SSSD 1.8 AD Integration NEEDS TRIAGE

comment:13 Changed 2 years ago by dpal

  • Owner pzuna deleted
  • Milestone changed from SSSD 1.8 AD Integration NEEDS TRIAGE to SSSD Deferred

comment:14 Changed 2 years ago by dpal

  • Red Hat Bugzilla set to 0

comment:15 Changed 21 months ago by dpal

  • Summary changed from Implement Winbind provider to [RFE] Winbind feature parity
  • Description modified (diff)
  • Priority changed from minor to critical
  • Component changed from Winbind Provider to AD Provider
  • proposed_priority set to Blocker
  • Milestone changed from SSSD Deferred to Temp milestone

comment:16 Changed 20 months ago by jgalipea

  • Red Hat Bugzilla changed from 0 to todo

comment:17 Changed 20 months ago by dpal

  • Red Hat Bugzilla changed from todo to [https://bugzilla.redhat.com/show_bug.cgi?id=847870 847870]

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=847870 (Red Hat Enterprise Linux 7)

comment:18 Changed 20 months ago by dpal

  • Milestone changed from Temp milestone to SSSD 1.10 beta

Moving all the features planned for 1.10 release into 1.10 beta.

comment:19 Changed 20 months ago by dpal

  • Priority changed from critical to blocker

comment:20 Changed 19 months ago by dpal

  • Red Hat Bugzilla changed from [https://bugzilla.redhat.com/show_bug.cgi?id=847870 847870] to [https://bugzilla.redhat.com/show_bug.cgi?id=847870 847870], [https://bugzilla.redhat.com/show_bug.cgi?id=819657 819657]

comment:21 Changed 19 months ago by dpal

  • Description modified (diff)
  • Summary changed from [RFE] Winbind feature parity to [RFE] Recognize trusted domains in AD provider

comment:22 Changed 16 months ago by dpal

  • Design review unset
  • Chosen set to Want

comment:23 Changed 16 months ago by arubin

  • Priority changed from blocker to critical

comment:24 Changed 13 months ago by dpal

  • Candidate to push out unset

comment:25 Changed 11 months ago by jhrozek

  • Owner set to jhrozek
  • Patch Submitted set
  • Status changed from new to assigned

comment:26 Changed 11 months ago by jhrozek

  • Design link set to https://fedorahosted.org/sssd/wiki/DesignDocs/GlobalCatalogLookups
  • Design review set

comment:27 Changed 11 months ago by mkosek

  • Release Notes modified (diff)

comment:28 Changed 11 months ago by dpal

  • Red Hat Bugzilla [https://bugzilla.redhat.com/show_bug.cgi?id=847870 847870], [https://bugzilla.redhat.com/show_bug.cgi?id=819657 819657] deleted

comment:29 Changed 11 months ago by dpal

  • Red Hat Bugzilla set to [https://bugzilla.redhat.com/show_bug.cgi?id=847870 847870], [https://bugzilla.redhat.com/show_bug.cgi?id=819657 819657], [https://bugzilla.redhat.com/show_bug.cgi?id=969883 969883]

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=969883

comment:30 Changed 11 months ago by dpal

  • Red Hat Bugzilla changed from [https://bugzilla.redhat.com/show_bug.cgi?id=847870 847870], [https://bugzilla.redhat.com/show_bug.cgi?id=819657 819657], [https://bugzilla.redhat.com/show_bug.cgi?id=969883 969883] to [https://bugzilla.redhat.com/show_bug.cgi?id=969883 969883]

comment:31 Changed 11 months ago by jhrozek

  • Resolution set to fixed
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.