On Fri, Jul 15, 2016 at 12:00:56PM +0000, Sullivan, Daniel [AAA] wrote: > Lukas, > > Thank you for your reply and inquiry. > > First, to answer your question; yes, we have been using the > default_domain_suffix for some time. I am not sure what you mean by > previously, but it is currently implemented and has been implemented prior to > our 1.13 -> 1.14 upgrade. > > And yes, I am assessing a possible software regression at the > current moment. It might be related to the default_domain_suffix > you are inquiring about. Basically I am getting inconsistent > results on invocation of the id command with specifying the username > as ‘username’ or ‘username@fqdn’ on a client running 1.14 > against a DC running 1.13 (i.e. no way to reliably invoke id against a > trusted domain account). Sometimes the command will return a result, > and sometimes it will not.
No result or missing groups? > Looking at nss debug logs it appears that > a duplicate fqdn is being appended to the nss query as show here (as > @[email protected]<mailto:[email protected]>). > This lookup fails. Yes, this is wrong, can you send me the full NSS and domain logs please? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
