>> Actually this was the problem:
>> I had added the following line to the [sssd] section of sssd.conf:
>> default_domain_suffix = addomain.net
>> The reason I had added this is because our business asked if our active
>> directory trusted users can be allowed to log in without entering their
>> fqdn. Setting the default_domain_suffix allows them to just log in as
>> 'aduser' instead of 'adu...@addomain.net'.
>> However, this apparently breaks host key checking. Turning debugging on
>> the sssd up to 9 revealed that it was appending the
>> line to all hostnames (fully qualified and not) before asking FreeIPA
>> for their host keys:
>> (Fri Mar 20 23:19:55 2015) [sssd[ssh]] [ssh_host_pubkeys_search_next]
>> (0x0400): Requesting SSH host public keys for
>> (Fri Mar 20 23:19:55 2015) [sssd[ssh]] [sysdb_search_ssh_hosts]
>> No such host
>> So 2 more questions:
>> 1. Is this a bug?
>> 2. If it is not a bug or is expected behavior, is there a way to both
>> A) Have ad users able to log in as 'aduser' instead of
>> B) Still get host key checking working properly?
> Probably a bug.
> Thank you,
> Dmitri Pal
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
> Manage your subscription for the Freeipa-users mailing list:
> Go to http://freeipa.org for more info on the project
Hmm, if it is a bug, it still exists in the newest sssd (1.12.3-2.el7)
because I just tested it on the newest CentOS 7 client and without
default_domain_suffix set I get host key checking, but with it set, it is
failing just like it did on CentOS 6 with the older sssd.
Is there a good place to report that bug so it can hopefully get fixed?