Re: [Freeipa-users] allow trust users to login without domain
On Wed, Apr 29, 2015 at 10:57:45AM +, Andy Thompson wrote: In the environment I'm working on currently we have a single trusted AD domain and will never have any additional domain trusts in place. Is there a way to allow users to login without using @ad_domain in their username? We use DB2 in the environment and it's from the dark ages and doesn't like usernames with more than 8 chars :/ Thanks -andy (I was searching for a different thread and found out that this message was left unanswered. Sorry about that!) default_domain_suffix is what you're looking for. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] allow trust users to login without domain
-Original Message- From: Martin Kosek [mailto:mko...@redhat.com] Sent: Wednesday, April 29, 2015 7:05 AM To: Andy Thompson; freeipa-users@redhat.com; Jakub Hrozek Subject: Re: [Freeipa-users] allow trust users to login without domain On 04/29/2015 12:57 PM, Andy Thompson wrote: In the environment I'm working on currently we have a single trusted AD domain and will never have any additional domain trusts in place. Is there a way to allow users to login without using @ad_domain in their username? We use DB2 in the environment and it's from the dark ages and doesn't like usernames with more than 8 chars :/ Thanks -andy This looks as a job for default_domain_suffix option. See man sssd.conf for details. Note that after this fix, IPA users would need to log in with fully qualified user name instead. CCing Jakub for reference. Perfect. I grepped the man page.. apparently didn't search for the right thing. Thanks much -andy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] allow trust users to login without domain
In the environment I'm working on currently we have a single trusted AD domain and will never have any additional domain trusts in place. Is there a way to allow users to login without using @ad_domain in their username? We use DB2 in the environment and it's from the dark ages and doesn't like usernames with more than 8 chars :/ Thanks -andy *** This communication may contain privileged and/or confidential information. It is intended solely for the use of the addressee. If you are not the intended recipient, you are strictly prohibited from disclosing, copying, distributing or using any of this information. If you received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. *** -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] allow trust users to login without domain
On 04/29/2015 12:57 PM, Andy Thompson wrote: In the environment I'm working on currently we have a single trusted AD domain and will never have any additional domain trusts in place. Is there a way to allow users to login without using @ad_domain in their username? We use DB2 in the environment and it's from the dark ages and doesn't like usernames with more than 8 chars :/ Thanks -andy This looks as a job for default_domain_suffix option. See man sssd.conf for details. Note that after this fix, IPA users would need to log in with fully qualified user name instead. CCing Jakub for reference. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project