On Tue, Nov 21, 2017 at 09:05:29AM +0100, Ronald Wimmer via FreeIPA-users wrote:
> Hi,
> in IPA I defined a user called isomeuser. This username does definitely not
> exist on the AD side.
> When I log in as root to an IPA client and issue the su command, I am
> isomeuser@ad.domain. If I do "su isomeuser@ipa.domain" I am
> isomeuser@ad.domain. The uid and gid are exactly the same.
> Why can I be isomeuser@ad.domain if that user does not exist?

I agree this sounds strange.

Do you use the domain lookup order or some options like default_domain_suffix?

Can you show the sssd_nss.log from the IPA client?
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to