[Freeipa-users] AD user log in
Jakub Hrozek
jhrozek at redhat.com
Wed Aug 7 19:01:06 UTC 2013
On Wed, Aug 07, 2013 at 06:46:48PM +0000, Armstrong, Kenneth Lawrence wrote:
> I have a test environment set up where we have a trust between the IdM domain and the AD domain. When we go to log into an IdM client with an AD user, we have to use the format of:
>
> ADDOMAIN\\username at idm.client.example.com
>
> Is there a way to prepend the domain part so that we won't have to type that in every time?
>
> Thanks!
>
> -Kenny
Hi Kenny,
I think that you're looking for the "default_domain_suffix" parameter.
>From man sssd.conf:
default_domain_suffix (string)
This string will be used as a default domain name for all names
without a domain name component. The main use case is environments
where the primary domain is intended for managing host policies
and all users are located in a trusted domain. The option allows
those users to log in just with their user name without giving a
domain name as well.
Please note that if this option is set all users from the primary
domain have to use their fully qualified name, e.g. user at domain.name,
to log in.
Default: not set
The parameter should be set in the [sssd] section, not in the domain section.
More information about the Freeipa-users
mailing list