On 04/29/2015 12:57 PM, Andy Thompson wrote: > In the environment I'm working on currently we have a single trusted AD > domain and will never have any additional domain trusts in place. Is there > a way to allow users to login without using @ad_domain in their username? > We use DB2 in the environment and it's from the dark ages and doesn't like > usernames with more than 8 chars :/ > > Thanks > > -andy
This looks as a job for default_domain_suffix option. See "man sssd.conf" for details. Note that after this fix, IPA users would need to log in with fully qualified user name instead. CCing Jakub for reference. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project