[Freeipa-users] Removing the requirement to add domain to users login

Sumit Bose sbose at redhat.com
Wed Mar 23 08:37:38 UTC 2016


On Wed, Mar 23, 2016 at 01:44:13AM +0000, Redmond, Stacy wrote:
> I have been tasked with setting up an IPA AD trust.  I have my IPA server set up, the trust is set up, and it appears to be working for the most part.  I have two problems.  I would like for users to log in with userid only.  Right now I can only log in using userid at ad_domain.  I am hoping there is some way to just have it search that domain as well as the default IPA domain.
> 
> I will add my other problem, but am willing to send a second email to the group if needed.  When I log in to my Linux client and type id, I see lots of groups, but they don't all match the member of list I pull using an LDAP search of AD.

This is expected because the list in the user entry is not complete.
E.g. it is possible to create nested groups in AD, and the memberships
due to group nesting are not seen in the LDAP entry. Cross-domain group
memberships are not covered here either.

HTH

bye,
Sumit

> 
> IPA Server:  RHEL 7.2  ipa 4.2
> Client:  RHEL 7.2
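
The gap described in the reply, as an added example that is not part of the original message: it compares the group list stored on a user entry with the effective membership obtained by following group nesting. All DNs and the directory contents are constructed, and the model assumes the user entry lists only direct groups from the user's own domain.

```python
from collections import deque

# Constructed sample directory: group DN -> DNs of its direct members.
GROUP_MEMBERS = {
    "CN=linux-admins,DC=ad,DC=example": ["CN=jdoe,CN=Users,DC=ad,DC=example"],
    "CN=server-ops,DC=ad,DC=example": ["CN=linux-admins,DC=ad,DC=example"],
    "CN=all-ops,DC=ad,DC=example": ["CN=server-ops,DC=ad,DC=example",
                                    "CN=ops-loop,DC=ad,DC=example"],
    # Circular nesting, which the traversal must tolerate.
    "CN=ops-loop,DC=ad,DC=example": ["CN=all-ops,DC=ad,DC=example"],
    # Group in another (child) domain that contains the user directly.
    "CN=app-users,DC=child,DC=ad,DC=example": ["CN=jdoe,CN=Users,DC=ad,DC=example"],
    "CN=unrelated,DC=ad,DC=example": ["CN=other,CN=Users,DC=ad,DC=example"],
}
USER = "CN=jdoe,CN=Users,DC=ad,DC=example"


def domain_of(dn):
    """Return the DC= components of a DN, i.e. the domain it lives in."""
    return ",".join(p for p in dn.split(",") if p.upper().startswith("DC="))


def member_of_attribute(user_dn):
    """Groups the user entry itself would list in this simplified model:
    direct memberships in the user's own domain only (assumption)."""
    return {g for g, members in GROUP_MEMBERS.items()
            if user_dn in members and domain_of(g) == domain_of(user_dn)}


def effective_groups(user_dn):
    """Every group reached by following nesting upward, across domains."""
    parents = {}
    for group, members in GROUP_MEMBERS.items():
        for member in members:
            parents.setdefault(member, set()).add(group)
    seen, queue = set(), deque([user_dn])
    while queue:
        for group in parents.get(queue.popleft(), ()):
            if group not in seen:  # guards against circular nesting
                seen.add(group)
                queue.append(group)
    return seen


if __name__ == "__main__":
    listed = member_of_attribute(USER)
    for dn in sorted(effective_groups(USER)):
        print(("listed   " if dn in listed else "resolved ") + dn)
```

When reviewing access rules that reference groups, compare against the resolved set rather than the list on the user entry.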




