[Freeipa-users] [SSSD] default_domain_suffix breaks IPA user logins
nathan at nathanpeters.com
nathan at nathanpeters.com
Wed Feb 25 20:11:10 UTC 2015
FreeIPA Server 4.1.2
FreeIPA client 3.0.0-42
I'm not sure how to go about fixing this or working around it.
In our organization we have a trust relationship between ad.somedomain.net
and ipadomain.net.
We don't want our AD users having to type username at ad.somedomain.net when
logging in to an IPA machine so we have added
default_domain_suffix = ad.somedomain.net to the [sssd] section of
sssd.conf.
This works great when logging in with an AD user. I can login using
'username' and they end up with the proper shell and home directory
/home/ad.somedomain.net/username etc.
However, when I try to login with an IPA user using the username
ipauser at ipadomain.net I am just disconnected. Removing the
default_domain_suffix line immediately fixes , but then we lose the
ability to login with AD users just typing their username.
Does anyone know how to fix this / workaround it so we can use the
default_domain_suffix option and not break internal FreeIPA user logins?
More information about the Freeipa-users
mailing list