On Mon, 2014-06-23 at 10:18 -0500, McNiel, Craig wrote: > I am trying to integrate an IPA domain with a windows domain and I would > like to be able to have the users authenticated to the windows domain as a > default without having to append the realm to the login credentials as we > will not be using user authentication from the IPA domain. > > > The main reason for this is the Windows domain is a corporate run domain > that has an integrated joiners and leavers process for users and groups and > we don't want to have to duplicate that effort locally however I also don't > want my users to have to type > > > logon: usern...@win.domain.com > > > I would instead like for them to just input the username and have the > REALM/Domain assumed to be WIN.DOMAIN.COM instead of IPA.DOMAIN.COM > > > I'm not certain how to configure the client for this configuration.
Look at the default_domain_suffix config option in sssd.conf Simo. > Example. > > > > **************************************** > > * Win Domain (Users and Groups)* > > **************************************** > > | > > | > > ****************** *********** > > * IPA Domain * <-----> *Clients * > > ****************** *********** > > > > Thanks ! > > > > - Craig -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project