hi,
i have rhel using sssd ->the back end is AD(active directory)
i like to find out how the authentication work.
i think in order to authenticate is using kerberos (AD is configured with kerberos).
What is the role of AD?mean that the users are seeking in AD then the authentication is done with kerberos?
or the authentication is done with kerberos and authorization(cifs share) is done with AD.
tnx

It depends on how your SSSD configuration. SSSD can use LDAP or Kerberos. Look at the SSSD configuration files in /etc/sssd

sudo more /etc/krb5.conf
[sudo] password for entraam:
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
# default_realm = EXAMPLE.COM
default_ccache_name = KEYRINGersistent:%{uid}

default_realm = DCP.ERICSSON.NET
[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }

DCP.ERICSSON.NET = {
}

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
dcp.ericsson.net = DCP.ERICSSON.NET
.dcp.ericsson.net = DCP.ERICSSON.NET
sudo more /etc/sssd/sssd.conf
[sssd]
domains = dcp.ericsson.net
config_file_version = 2
services = nss, pam


[domain/dcp.ericsson.net]
ad_domain = dcp.ericsson.net
krb5_realm = DCP.ERICSSON.NET
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad