[Freeipa-users] This again :) - ssh authentication for users in complex AD forest - where am I going wrong?
Simpson Lachlan
Lachlan.Simpson at petermac.org
Tue Nov 22 22:45:21 UTC 2016
> -----Original Message-----
> From: Chris Dagdigian [mailto:dag at sonsorol.org]
> Sent: Wednesday, 23 November 2016 9:28 AM
> To: Simpson Lachlan
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] This again :) - ssh authentication for users in complex
> AD forest - where am I going wrong?
>
> Simpson Lachlan wrote:
> > By no means am I an expert, but isn't there meant to be a stanza in [realm] that looks like this?
> >
> > auth_to_local = RULE:[1:$1@$0](^.*@DOMAIN.COM$)s/@DOMAIN.COM/@domain.com/
> > auth_to_local = DEFAULT
> >
>
> Appreciate the reply!
>
> From what I can tell that stanza is not needed when there is a localauth provider for
> IPA (RHEL-7/Centos-7 basically) - I think the docs I read mentioned that the actions
> in the stanza are automatic or implicit when localauth plugin is present.
>
> Both my IPA box and test client are CentOS-7 at the moment so I did not do the
> extra auth_to_local rule
Oh! So do I. I don't need it either? Damn. Thanks for the tip.
Cheers
L.
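
Added example, not part of the original messages and not MIT krb5 or FreeIPA code: a simplified Python model of how the quoted auth_to_local rule is evaluated, to show which principals it would map to a local name and which it leaves alone. The function names, sample principals and the realm IPA.EXAMPLE are constructed; the model assumes the regexp contains no ")" and the sed part no "/".

```python
import re

# The rule exactly as quoted in the thread.
QUOTED_RULE = "RULE:[1:$1@$0](^.*@DOMAIN.COM$)s/@DOMAIN.COM/@domain.com/"

# RULE:[n:format](regexp)s/pattern/replacement/[g]
RULE_RE = re.compile(
    r"^RULE:\[(\d+):([^\]]*)\](?:\(([^)]*)\))?(?:s/([^/]*)/([^/]*)/(g?))?$")


def split_principal(principal):
    """'host/box@REALM' -> (['host', 'box'], 'REALM')."""
    name, _, realm = principal.rpartition("@")
    return name.split("/"), realm


def apply_rule(rule, principal):
    """Return the mapped local name, or None if the rule does not apply."""
    m = RULE_RE.match(rule)
    if m is None:
        raise ValueError("unsupported rule syntax: %r" % rule)
    ncomp, fmt, regexp, pat, repl, gflag = m.groups()
    comps, realm = split_principal(principal)
    if len(comps) != int(ncomp):      # [1:...] only sees one-component names
        return None
    values = [realm] + comps          # $0 is the realm, $1.. the components
    selected = re.sub(r"\$(\d)", lambda r: values[int(r.group(1))], fmt)
    # The regexp has to cover the whole selection string, not a substring.
    if regexp is not None and re.fullmatch(regexp, selected) is None:
        return None
    if pat is not None:
        selected = re.sub(pat, lambda _: repl, selected,
                          count=0 if gflag else 1)
    return selected


def map_principal(rules, principal, default_realm):
    """Rules are tried in order; the first one that applies wins."""
    for rule in rules:
        if rule == "DEFAULT":
            comps, realm = split_principal(principal)
            if realm == default_realm and len(comps) == 1:
                return comps[0]
            continue
        local = apply_rule(rule, principal)
        if local is not None:
            return local
    return None                       # no mapping: no local account is chosen


if __name__ == "__main__":
    for p in ("alice@DOMAIN.COM", "host/client1@DOMAIN.COM", "bob@IPA.EXAMPLE"):
        print(p, "->", map_principal([QUOTED_RULE, "DEFAULT"], p, "IPA.EXAMPLE"))
```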