> >1) IPA Client Login issue. > >In IPA client, if Windows AD user want to login, It need to type full name > >such as 'userA@win_ad.com'. How do I let Windows AD user logon only with > >their username? That means only use 'userA' to logon IPA Client PC rather > >than 'userA@win_ad.com' ? > Not supported. There could be some obscure SSSD setting to allow one > SSSD domain (as in /etc/sss/sssd.conf) be default but since trusted AD > domains are represented as subdomains of a single IPA provider, full UPN is > used to distinguish and discover which subdomain they belong to for > performance reasons.
Actually you can use "default_domain_suffix" in the [sssd] section. But then you need to fully-qualify the users from the IPA domain. default_domain_suffix (string) This string will be used as a default domain name for all names without a domain name component. The main use case is environments where the primary domain is intended for managing host policies and all users are located in a trusted domain. The option allows those users to log in just with their user name without giving a domain name as well. Please note that if this option is set all users from the primary domain have to use their fully qualified name, e.g. u...@domain.name, to log in. Default: not set _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users