Am Tue, Jun 14, 2022 at 12:48:52PM -0400 schrieb Ranbir via FreeIPA-users: > Hello Everyone, > > I have a situation where users' UPN in AD for the domain that my ipa > domain has a trust with has been modified to look nothing like the > domain account. The user name and suffix entered in the UPN don't match > the AD account name or the trusted domain. > > I've used ipa trust-mod to add two suffixes where one matches the AD > domain and the other matches what's entered in the UPN. > > I've looked through the man pages for sssd-ad and sssd-ldap, but I > didn't immediately see an option that would allow me to modify what's > being searched for the user name in the UPN. I'm looking through the > man pages again. But, I figured I should ask here, too: is it possible > to also modify the "user name" portion of the UPN that's being looked > up for the trusted account? >
Hi, it you have an AD user with samAccountName=abc in a domain called ad.dom which has set [email protected] calling getent passwd [email protected] should return the user entry for [email protected]. If this does not work for you, please add debug_level=9 to the [domain/...] and [nss] sections of sssd.conf, restart SSSD, try again and send the logs. Please start with this on a IPA server. bye, Sumit > > -- > Ranbir > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
