On Wed, 2015-04-15 at 14:19 -0400, Aric Wilisch wrote: > So I would have to setup an ID View Override for every user in AD that needs > to login to to a FreeIPA host?
If you just need a different default shell you should set the default_shell option in sssd.conf > I guess I’m having trouble understanding why it wouldn’t just use the > defaults set into FreeIPA? The Default home directory is set to /home > and the default shell is set to /bin/bash. If it doesn't please open a bug, we probably should. > This is a lot of work to go to unless there’s a way to set it globally > for the entire domain. Also noticing sudo doesn’t work for those users > even though I have the ad_admins group added to the sudo group I > created. Is ad_admins a posix group ? sudo understands only those, also you need to make sure clients are using the sssd_sudo plugin for external users/groups (IIRC). Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project