[Freeipa-users] IPA-AD trust group membership: display 'short' group names for *two* AD domains?
William Muriithi
william.muriithi at gmail.com
Mon Oct 24 15:29:06 UTC 2016
Morning Jakub,
>> However, I would like to tune this configuration to drop the domain
>> component of the user and group names. I tried to do this by adding
>> these settings to the [sssd] section in sssd.conf on the client:
>>
>> default_domain_suffix = example.au
>> full_name_format = %1$s
>>
>> With this configuration, I can login as a staff domain user (example.au)
>> successfully and I then see the short-name form of the groups:
>>
>> $ ssh -l rnst at student.example.au ipa-client-rh7.ipa.example.au
>> [rnst at ipa-client-rh7 ~]$ groups
>> rnst
>>
>> Is this expected behaviour? Is there a possible client configuration that
>> will support our AD forest setup or is this simply not possible?
>
> What you did is quite correct, but unfortunately works only with
> RHEL-7.3 or newer as it requires sssd-1.14 or newer, sorry.
Does one need sssd-1.14 on the IPA server only or is this required on
all the IPA clients too?
Regards,
William
More information about the Freeipa-users
mailing list