[Freeipa-users] This again :) - ssh authentication for users in complex AD forest - where am I going wrong?
Chris Dagdigian
dag at sonsorol.org
Tue Nov 22 22:28:11 UTC 2016
Simpson Lachlan wrote:
> By no means am I an expert, but isn't there meant to be a stanza in [realm] that looks like this?
>
> auth_to_local = RULE:[1:$1@$0](^.*@DOMAIN.COM$)s/@DOMAIN.COM/@domain.com/
> auth_to_local = DEFAULT
>
Appreciate the reply!
From what I can tell that stanza is not needed when there is a
localauth provider for IPA (RHEL-7/Centos-7 basically) - I think the
docs I read mentioned that the actions in the stanza are automatic or
implicit when localauth plugin is present.
Both my IPA box and test client are CentOS-7 at the moment so I did not
do the extra auth_to_local rule
Regards,
Chris
More information about the Freeipa-users
mailing list