On Fri, Jul 15, 2016 at 12:00:56PM +0000, Sullivan, Daniel [AAA] wrote:
> Lukas,
> Thank you for your reply and inquiry.
> First, to answer your question; yes, we have been using the 
> default_domain_suffix for some time.  I am not sure what you mean by 
> previously, but it is currently implemented and has been implemented prior to 
> our 1.13 -> 1.14 upgrade.
> And yes, I am assessing a possible software regression at the
> current moment. It might be related to the default_domain_suffix
> you are inquiring about.  Basically I am getting inconsistent
> results on invocation of the id command with specifying the username
> as ‘username’ or ‘username@fqdn’ on a client running 1.14
> against a DC running 1.13 (i.e. no way to reliably invoke id against a
> trusted domain account).  Sometimes the command will return a result,
> and sometimes it will not.  

No result or missing groups?

> Looking at nss debug logs it appears that
> a duplicate fqdn is being appended to the nss query as show here (as
> @bsdad.uchicago....@bsdad.uchicago.edu<mailto:bsdad.uchicago....@bsdad.uchicago.edu>).
> This lookup fails.

Yes, this is wrong, can you send me the full NSS and domain logs please?

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to