The word from Support is that this can't be done. Reading thru many threads it seems it should be "this" close to possible, so I'm asking here. Core 13.0, domain joined. Domain users & groups work fine for SMB shares, but for large file transfers from Linux rsync is desirable. SSH service must NOT allow password auth or anyone in the domain could login; I've also added Auxiliary Parameter "AllowGroups my-ad-group" to limit access. Public key can only be explicitly entered for a local user, and rsync with such a user+key works fine; but there's no way to specify a key for AD account. It would seem that if AD users got a proper auto-created homedir, one might create /.ssh/authorized_keys and get it to work.
Any chance someone has found a solution for this particular use case?
Any chance someone has found a solution for this particular use case?