FreeIPA Server 4.1.2 FreeIPA client 3.0.0-42 I'm not sure how to go about fixing this or working around it.
In our organization we have a trust relationship between ad.somedomain.net and ipadomain.net. We don't want our AD users having to type usern...@ad.somedomain.net when logging in to an IPA machine so we have added default_domain_suffix = ad.somedomain.net to the [sssd] section of sssd.conf. This works great when logging in with an AD user. I can login using 'username' and they end up with the proper shell and home directory /home/ad.somedomain.net/username etc. However, when I try to login with an IPA user using the username ipau...@ipadomain.net I am just disconnected. Removing the default_domain_suffix line immediately fixes , but then we lose the ability to login with AD users just typing their username. Does anyone know how to fix this / workaround it so we can use the default_domain_suffix option and not break internal FreeIPA user logins? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project