Re: [Freeipa-users] allow trust users to login without domain
On Wed, Apr 29, 2015 at 10:57:45AM +, Andy Thompson wrote: In the environment I'm working on currently we have a single trusted AD domain and will never have any additional domain trusts in place. Is there a way to allow users to login without using @ad_domain in their username? We use DB2 in the environment and it's from the dark ages and doesn't like usernames with more than 8 chars :/ Thanks -andy (I was searching for a different thread and found out that this message was left unanswered. Sorry about that!) default_domain_suffix is what you're looking for. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] allow trust users to login without domain
-Original Message- From: Martin Kosek [mailto:mko...@redhat.com] Sent: Wednesday, April 29, 2015 7:05 AM To: Andy Thompson; freeipa-users@redhat.com; Jakub Hrozek Subject: Re: [Freeipa-users] allow trust users to login without domain On 04/29/2015 12:57 PM, Andy Thompson wrote: In the environment I'm working on currently we have a single trusted AD domain and will never have any additional domain trusts in place. Is there a way to allow users to login without using @ad_domain in their username? We use DB2 in the environment and it's from the dark ages and doesn't like usernames with more than 8 chars :/ Thanks -andy This looks as a job for default_domain_suffix option. See man sssd.conf for details. Note that after this fix, IPA users would need to log in with fully qualified user name instead. CCing Jakub for reference. Perfect. I grepped the man page.. apparently didn't search for the right thing. Thanks much -andy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] allow trust users to login without domain
On 04/29/2015 12:57 PM, Andy Thompson wrote: In the environment I'm working on currently we have a single trusted AD domain and will never have any additional domain trusts in place. Is there a way to allow users to login without using @ad_domain in their username? We use DB2 in the environment and it's from the dark ages and doesn't like usernames with more than 8 chars :/ Thanks -andy This looks as a job for default_domain_suffix option. See man sssd.conf for details. Note that after this fix, IPA users would need to log in with fully qualified user name instead. CCing Jakub for reference. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project