[Freeipa-users] Is WinSync A Bad Choice?
Jakub Hrozek
jhrozek at redhat.com
Thu Feb 2 08:32:37 UTC 2017
On Wed, Feb 01, 2017 at 04:19:39PM -0600, Jason B. Nance wrote:
> >> - Users can't login to a Linux box using just "username" (user at ad.domain is
> >> used)
> >
> > In the current version you can use the 'default_domain_suffix' option in
> > sssd.conf on the clients. In RHEL-7.4 we are looking into making this
> > limitation go away.
>
> Thank you very much, Jakub. That is helpful information! Are you saying that there will basically be a domain search order or something for users that login without specifying a domain?
For the IPA-AD case, probably:
https://fedorahosted.org/sssd/ticket/3210
For the direct AD integration case (which will share the underlying code
with the IPA-AD integration case), the admin would opt-in with a
sssd.conf option, essentially saying 'let me always use shortnames for
all domains, there are no name conflicts' and then sssd would not
require shortnames for trusted domains.
The ticket that tracks the shortname-for-trusted-domains case in general
is:
https://fedorahosted.org/sssd/ticket/3001
Please note the tickets are in the "Future releases" milestone at the
moment, but we do plan them for the next RHEL release; the upstream
milestones just need a bit more grooming.
More information about the Freeipa-users
mailing list