FreeIPA Server 4.1.2
FreeIPA client 3.0.0-42

I'm not sure how to go about fixing this or working around it.

In our organization we have a trust relationship between

We don't want our AD users having to type when
logging in to an IPA machine so we have added
default_domain_suffix  = to the [sssd] section of

This works great when logging in with an AD user.  I can login using
'username' and they end up with the proper shell and home directory
/home/ etc.

However, when I try to login with an IPA user using the username I am just disconnected.  Removing the
default_domain_suffix line immediately fixes , but then we lose the
ability to login with AD users just typing their username.

Does anyone know how to fix this / workaround it so we can use the
default_domain_suffix option and not break internal FreeIPA user logins?

Manage your subscription for the Freeipa-users mailing list:
Go To for more info on the project

Reply via email to