On Tue, Nov 21, 2017 at 09:05:29AM +0100, Ronald Wimmer via FreeIPA-users wrote: > Hi, > > in IPA I defined a user called isomeuser. This username does definitely not > exist on the AD side. > > When I log in as root to an IPA client and issue the su command, I am > isomeuser@ad.domain. If I do "su isomeuser@ipa.domain" I am > isomeuser@ad.domain. The uid and gid are exactly the same. > > Why can I be isomeuser@ad.domain if that user does not exist?
I agree this sounds strange. Do you use the domain lookup order or some options like default_domain_suffix? Can you show the sssd_nss.log from the IPA client? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org