On Mon, Oct 26, 2020 at 8:04 PM Louis Abel via FreeIPA-users < [email protected]> wrote:
> > > * Like in the comments, don't add that on the IPA server's sssd.conf, only > to the clients enrolled to the IPA domain. > * I cannot remember if it also drops the @domain for the groups as well. > You'll have to test this for yourself and see. > > yes, it applies to groups as well. When you do this, you *may* have to put the AD domain as the "default_realm" in /etc/krb5.conf. If you do, just make sure that the "[domain_realm]" section has a line for that host to the IPA realm. At least that's what we've done, and things seem to work well for both the AD users and the hosts in the IPA realm. Amos
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
