I don't have much experience with Linux tools for infrastructure and authentication with Active Directory.
I'm trying to set up authentication via AD on Ubuntu 22.04.
The structure we use is as follows:
- we have a local AD with Windows Server 2019, I will nickname it DOMAIN1;
- an AD in another geographic location that we connect via VPN, I don't know which version of Windows, I'll call it DOMAIN2.
There is a two-way trust between the 2 domains.
On Windows machines authentication on both domains works perfectly.
In DOMAIN1 we have access permission as an administrator.
Using the sssd-ad, sssd-tools, realmd and adcli packages in Ubuntu 22.04, I was able to configure DOMAIN1 on the machine and log in with DOMAIN1 users.
However, when trying to log in with users who are in DOMAIN2, it is not possible to perform authentication.
All of our users are in DOMAIN2, in DOMAIN1 we only have a few for specific cases.
I checked the possibility of configuring two domains, like here: https://www.thegeekdiary.com/how-to-configure-sssd-to-work-with-multiple-active-directory-domains-in-different-forests-centos-rhel/. However, for the command
adcli -vvv join --host-keytab=/etc/krb5.keytab.domain2.com domain2.com -U [email protected]
the user needs to have administrator permission on DOMAIN2, and I don't have access to a user with admin permission on DOMAIN2. DOMAIN2 is managed by another team, and, before bothering them, I would like to know if there is any way to configure it without needing a user with administrator permissions.
Is there a possibility to configure domains with bidirectional trust without having to perform the join procedure in DOMAIN2? Or something along those lines?
Thanks in advance for your help.