On Wed, Aug 07, 2013 at 06:46:48PM +0000, Armstrong, Kenneth Lawrence wrote:
> I have a test environment set up where we have a trust between the IdM domain 
> and the AD domain.  When we go to log into an IdM client with an AD user, we 
> have to use the format of:
> ADDOMAIN\\usern...@idm.client.example.com
> Is there a way to prepend the domain part so that we won't have to type that 
> in every time?
> Thanks!
> -Kenny

Hi Kenny,

I think that you're looking for the "default_domain_suffix" parameter.
>From man sssd.conf:

    default_domain_suffix (string)
        This string will be used as a default domain name for all names
        without a domain name component. The main use case is environments
        where the primary domain is intended for managing host policies
        and all users are located in a trusted domain. The option allows
        those users to log in just with their user name without giving a
        domain name as well.

        Please note that if this option is set all users from the primary
        domain have to use their fully qualified name, e.g. u...@domain.name,
        to log in.

        Default: not set

The parameter should be set in the [sssd] section, not in the domain section.

Freeipa-users mailing list

Reply via email to