I ran into this exact same problem with my IPA domain in a one way external
trust to our Windows 2012 R2 AD forest. It appears that Microsoft may have
removed the routing suffix option from the Windows 2012 R2 native forest
trust gui. My solution was to follow the instructions in the "Define
Is there a option in SSSD or the plugin to turn off the normalization ?
On Tue, May 30, 2017 at 2:27 PM, Alexander Bokovoy <aboko...@redhat.com>
wrote:
> On ti, 30 touko 2017, Robert Johnson via FreeIPA-users wrote:
>
>> So I took a brand new user that I have never used in th
Red Hat Enterprise Linux Server release 7.3
ipa-server-4.4.0-14.el7_3.4.x86_64
389-ds-base-1.3.5.10-15.el7_3.x86_64
sssd-1.14.0-43.el7_3.11.x86_64
When looking at entries in the "cn=groups,cn=compat" tree, I noticed that
the entries for windows groups have the realm portion of the group name in