Re: [Freeipa-users] Removing the requirement to add domain to users login
On Wed, Mar 23, 2016 at 01:44:13AM +, Redmond, Stacy wrote:
> I have been tasked with setting up an IPA AD trust. I have my ipa server
> setup, the trust is setup, and appears to be working for the most part. I
> have two problems. I would like for users to login with userid only. Right
> now I can only login using userid@ad_domain I am hoping there is some way
> to just have it search that domain as well as the default ipa domain
>
> I will add my other problem, but am willing to send a second email to the
> group if needed. When I login to my linux client and type id, I see lots of
> groups but they don't all match the member of list I pull using an ldap
> search of AD.

This is expected because the list in the user entry is not complete. E.g. it is possible to create nested groups in AD and the memberships due to group nesting are not seen in the LDAP entry. Cross-domain group memberships are not covered here as well.

HTH

bye,
Sumit

>
> IPA Server: RHEL 7.2 ipa 4.2
> Client: RHEL 7.2
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
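An added illustration of the point made in the reply above (not part of the original thread, and not FreeIPA or SSSD code): it walks direct `member` links to find every group a user effectively belongs to and reports the ones absent from the user entry's stored `memberOf` list. All DNs and group names are constructed sample data, and the model assumes the group entries of every domain are available in one dictionary.

```python
from collections import deque

# Constructed sample data: a user entry with its stored memberOf values,
# and group entries mapped to their direct "member" values.
USER = {
    "dn": "CN=jdoe,CN=Users,DC=ad,DC=example",
    "memberOf": ["CN=linux-admins,OU=Groups,DC=ad,DC=example"],
}
GROUPS = {
    "CN=linux-admins,OU=Groups,DC=ad,DC=example": [USER["dn"]],
    # Nested: linux-admins sits inside server-ops and all-it, and those two
    # groups contain each other (circular nesting).
    "CN=server-ops,OU=Groups,DC=ad,DC=example": [
        "CN=linux-admins,OU=Groups,DC=ad,DC=example",
        "CN=all-it,OU=Groups,DC=ad,DC=example",
    ],
    "CN=all-it,OU=Groups,DC=ad,DC=example": [
        "CN=server-ops,OU=Groups,DC=ad,DC=example",
        "CN=linux-admins,OU=Groups,DC=ad,DC=example",
    ],
    # A group in another domain that lists the user directly.
    "CN=app-users,OU=Groups,DC=child,DC=ad,DC=example": [USER["dn"]],
    "CN=printers,OU=Groups,DC=ad,DC=example": [],
}


def effective_groups(user_dn, groups):
    """Return every group reached from user_dn via direct or nested membership."""
    parents = {}  # member DN (lowercased) -> DNs of groups that list it
    for group_dn, members in groups.items():
        for member_dn in members:
            parents.setdefault(member_dn.lower(), set()).add(group_dn)
    found, queue = set(), deque([user_dn])
    while queue:
        for group_dn in parents.get(queue.popleft().lower(), ()):
            if group_dn not in found:  # the visited set also stops cycles
                found.add(group_dn)
                queue.append(group_dn)
    return found


def missing_from_memberof(user, groups):
    """Groups the user effectively has that the stored memberOf list omits."""
    listed = {dn.lower() for dn in user["memberOf"]}
    effective = effective_groups(user["dn"], groups)
    return sorted(g for g in effective if g.lower() not in listed)


if __name__ == "__main__":
    for dn in missing_from_memberof(USER, GROUPS):
        print(dn)
```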
Re: [Freeipa-users] Removing the requirement to add domain to users login
Stacy

With regard to your first problem, IIRC you can have it default to a single domain – it doesn’t matter which. Users from the other domain will need to login via the u...@my.other.domain.com

I had exactly this problem. If you want to change it, it’s the default_domain_suffix option.

Cheers
L.

From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Redmond, Stacy
Sent: Wednesday, 23 March 2016 12:44 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] Removing the requirement to add domain to users login

I have been tasked with setting up an IPA AD trust. I have my ipa server setup, the trust is setup, and appears to be working for the most part. I have two problems. I would like for users to login with userid only. Right now I can only login using userid@ad_domain I am hoping there is some way to just have it search that domain as well as the default ipa domain

I will add my other problem, but am willing to send a second email to the group if needed. When I login to my linux client and type id, I see lots of groups but they don’t all match the member of list I pull using an ldap search of AD.

IPA Server: RHEL 7.2 ipa 4.2
Client: RHEL 7.2
[Freeipa-users] Removing the requirement to add domain to users login
I have been tasked with setting up an IPA AD trust. I have my ipa server setup, the trust is setup, and appears to be working for the most part. I have two problems. I would like for users to login with userid only. Right now I can only login using userid@ad_domain I am hoping there is some way to just have it search that domain as well as the default ipa domain

I will add my other problem, but am willing to send a second email to the group if needed. When I login to my linux client and type id, I see lots of groups but they don't all match the member of list I pull using an ldap search of AD.

IPA Server: RHEL 7.2 ipa 4.2
Client: RHEL 7.2