[Freeipa-users] ipa- client rhel 6.9 support for UPN different then domain name
Sumit Bose
sbose at redhat.com
Thu Feb 2 17:30:09 UTC 2017
On Thu, Feb 02, 2017 at 04:57:05PM +0100, Jan Karásek wrote:
> Hi,
>
> I just looked into RHEL 6.9 beta repos and I can see there is sssd-client-1.13.3-53.el6.x86_64 version. I would like to know if with rhel 6.9 will come support for using different UPN then domain name. I am talking about AD trust scenario where user in AD domain sits in user at subdomain.example.com but has a UPN set to user at example.com. It has been solved in RHEL 7.3 I guess with sssd 1.14. Is ipa-client in RHEL 6.9 able to handle this situation or is there any known workaround ?
This is basically a server side feature. You need an IPA server version
which is delivered with RHEL-7.3. SSSD 1.14 in 7.3 can automatically
detect if the server supports this or not. This autodetection was not
backported to 6.9 but if your servers support it you can set
'krb5_use_enterprise_principal = true' (see man sssd-krb5 for details)
on the IPA clients with older SSSD versions.
HTH
bye,
Sumit
>
> Thanks,
> Jan
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list