Simpson Lachlan wrote:
By no means am I an expert, but isn't there meant to be a stanza in [realm] 
that looks like this?

auth_to_local = RULE:[1:$1@$0](^.*@DOMAIN.COM$)s/@DOMAIN.COM/
auth_to_local = DEFAULT

Appreciate the reply!

From what I can tell that stanza is not needed when there is a localauth provider for IPA (RHEL-7/Centos-7 basically) - I think the docs I read mentioned that the actions in the stanza are automatic or implicit when localauth plugin is present.

Both my IPA box and test client are CentOS-7 at the moment so I did not do the extra auth_to_local rule


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to