08-13-2021, 05:02 AM   #1
rahul.buragohain
Foreign Security Principals of Active Directory not showing in Linux nodes


Hi Team,

We have a two-way AD forest trust (example1.com and example2.com). A Linux CentOS 7 node is integrated with example1.com through SSSD Realm, and users in example1.com are showing properly on the Linux node using the "id user" command, which is also expected.

There are a few users in example2.com which are showing as Foreign Security Principals (FSP) in example1.com. I have attached the screenshot of example1.com for your reference.

I tried with "id S-1-5-21-....." in Linux but it doesn't show the user in Linux and it says no user.

Is this expected behaviour, or do I need to make any changes on the SSSD side or in any configuration file in Linux?

Thanks,
Rahul

Last edited by rahul.buragohain; 08-13-2021 at 05:03 AM.
 
08-14-2021, 02:46 PM   #2
TB0ne
Quote:
Originally Posted by rahul.buragohain
Hi Team,
We have a two-way AD forest trust (example1.com and example2.com). A Linux CentOS 7 node is integrated with example1.com through SSSD Realm, and users in example1.com are showing properly on the Linux node using the "id user" command, which is also expected.

There are a few users in example2.com which are showing as Foreign Security Principals (FSP) in example1.com. I have attached the screenshot of example1.com for your reference. I tried with "id S-1-5-21-....." in Linux but it doesn't show the user in Linux and it says no user. Is this expected behaviour, or do I need to make any changes on the SSSD side or in any configuration file in Linux?

Please note we aren't on your 'team', but volunteers who try to help others. And you appear to have been working with LDAP and Active Directory for several years now:
https://www.linuxquestions.org/quest...rs-4175510051/
https://www.linuxquestions.org/quest...nt-4175510950/
https://www.linuxquestions.org/quest...0/#post5549645

And putting "Foreign security principals ldap active directory" into Google directs you to the Microsoft forum, where this is explained:
https://social.technet.microsoft.com...dentities.aspx

Better question would be: are you actually having any problems/difficulties???
 
  

