On Fri, Jul 15, 2016 at 12:00:56PM +0000, Sullivan, Daniel [AAA] wrote:
> Thank you for your reply and inquiry.
> First, to answer your question; yes, we have been using the
> default_domain_suffix for some time. I am not sure what you mean by
> previously, but it is currently implemented and has been implemented prior to
> our 1.13 -> 1.14 upgrade.
> And yes, I am assessing a possible software regression at the
> current moment. It might be related to the default_domain_suffix
> you are inquiring about. Basically I am getting inconsistent
> results on invocation of the id command with specifying the username
> as ‘username’ or ‘username@fqdn’ on a client running 1.14
> against a DC running 1.13 (i.e. no way to reliably invoke id against a
> trusted domain account). Sometimes the command will return a result,
> and sometimes it will not.
No result or missing groups?
> Looking at nss debug logs it appears that
> a duplicate fqdn is being appended to the nss query as show here (as
> This lookup fails.
Yes, this is wrong, can you send me the full NSS and domain logs please?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project