Morning Jakub,

>>  However, I would like to tune this configuration to drop the domain
>>  component of the user and group names.  I tried to do this by adding
>>  these settings to the [sssd] section in sssd.conf on the client:
>>    default_domain_suffix =
>>     full_name_format = %1$s
>>  With this configuration, I can login as a staff domain user (
>> successfully and I then see the short-name form of the groups:
>>     $ ssh -l
>>     [rnst@ipa-client-rh7 ~]$ groups
>>     rnst
>> Is this expected behaviour?  Is there a possible client configuration that
>> will support our AD forest setup or is this simply not possible?
> What you did is quite correct, but unfortunately works only with
> RHEL-7.3 or newer as it requires sssd-1.14 or newer, sorry.

Does one need  sssd-1.14 on the IPA server only or is this required on
all the IPA clients too?


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to