On pe, 03 heinä 2020, Vinícius Ferrão wrote:
As you can see randomuser1 wasn’t being detected, then it recognised after a
full UPN query.
I’m guessing it may be related with what you said about the default domain
order.
Also I noticed this:
[root@ipa1 ~]# getent passwd ferrao
[email protected]:*:1499401105:1499401105:Vinícius Ferrão:/home/ferrao:
[root@ipa2 ~]# getent passwd ferrao
We do not support unqualified AD user and group names on IPA masters.
Please remove the corresponding setting from SSSD or default domain
order in IPA. This messes up quite a lot things.
My default domain was set with:
nix.example.com:ad.example.com
This isn’t supported? I added AD as the second domain so ssh to the
machines would be easier.
If I need to remove it, and want to keep just the login to ease login
on Unix machine I should do exactly I’ve done with the home
directories? With a per-user ID override?
I guess as long as you are using fully qualified AD users/groups names
on IPA masters, you don't need to remove the setting.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
