> On 3 Jul 2020, at 05:50, Alexander Bokovoy <aboko...@redhat.com> wrote:
> 
> On Fri, 03 Jul 2020, Vinícius Ferrão wrote:
>> As you can see randomuser1 wasn’t being detected, then it was recognised after a 
>> full UPN query.
>> 
>> I’m guessing it may be related to what you said about the default domain 
>> order.
>> 
>>> Also I noticed this:
>>> 
>>>>
>>>> [root@ipa1 ~]# getent passwd ferrao
>>>> fer...@ad.example.com:*:1499401105:1499401105:Vinícius Ferrão:/home/ferrao:
>>>> [root@ipa2 ~]# getent passwd ferrao
>>> 
>>> We do not support unqualified AD user and group names on IPA masters.
>>> 
>>> Please remove the corresponding setting from SSSD or default domain
>>> order in IPA. This messes up quite a lot of things.
>> 
>> My default domain was set with:
>> nix.example.com:ad.example.com
>> 
>> This isn’t supported? I added AD as the second domain so ssh to the
>> machines would be easier.
>> 
>> If I need to remove it, and want to keep just the login to ease login
>> on Unix machines, should I do exactly what I’ve done with the home
>> directories? With a per-user ID override?
> 
> I guess as long as you are using fully qualified AD users/groups names
> on IPA masters, you don't need to remove the setting.

Ok! Thank you.

I’ll do some testing to see if the strange behaviour of getent will be solved 
by removing the AD domain from the default domain order. 

If there’s a way to undo the messing on the replica, removing the second trust 
controller, please let me know.


> 
> 
> -- 
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
> 
