Previously we did have the default_domain_suffix set, but we had to unset it. I can't remember why we had to - something to do with ownership/permissions and our filesystem (IBM v7000) not playing nice iirc. We really wanted to use the dds => the researchers are complaining of broken brains due to the new concept of "ssh us...@domain.com@ipa.domain.com". I will need to teach ssh config.
Cheers L. ------ The most dangerous phrase in the language is, "We've always done it this way." - Grace Hopper On 15 July 2016 at 17:56, Jakub Hrozek <jhro...@redhat.com> wrote: > On Fri, Jul 15, 2016 at 01:07:00PM +1000, Lachlan Musicman wrote: > > I've updated all the relevant hosts and the FreeIPA server to the COPR > sssd > > 1.14.0 release and the problem seems to have disappeared. > > Great, but please keep an eye on the machine, the 1.14 branch is still > kindof fresh and we did a lot of changes. > > About the HBAC issue, did you use the default_domain_suffix previously? > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project