On 19 October 2017 at 20:37, Chris Samuel <sam...@unimelb.edu.au> wrote:
> > On Thursday, 19 October 2017 7:41:37 PM AEDT Nadav Toledo wrote: > > > running : id -u domain_name\\username , does return its uid > > So your system is not finding users as just "username", but instead only as > domain_name\\username which is probably not ideal. > > You probably want to see if you can find a way to have a default domain > that > maps to your AD domain name (assuming you only have one). > > A RHEL7 system I help with was originally using AD for users via sssd, in > that > configuration the usernames were of the form user@domain and we were > stuck with > that as there were staff in one domain and students in another. > Latest version of sssd can take shortnames and search through domains. Setting these two in the sssd stanza of /etc/sssd/sssd.conf might help. First sets the domains to be searched and order in which to search them, second makes everything in front of the @ in the login name the display name (noting that domain_name\\myname == myname@domain_name.com) domain_resolution_order = unix.mydomain.com,mydomain.com full_name_format = %1$s See: https://docs.pagure.org/SSSD.sssd/design_pages/shortnames.html https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sssd-user-ids.html I have this working in house - using IPA 4.5 and SSSD 1.15.3-1 from COPR on CentOS 7.4 https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-15/ cheers L. ------ "The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic civics is the insistence that we cannot ignore the truth, nor should we panic about it. It is a shared consciousness that our institutions have failed and our ecosystem is collapsing, yet we are still here — and we are creative agents who can shape our destinies. Apocalyptic civics is the conviction that the only way out is through, and the only way through is together. " *Greg Bloom* @greggish https://twitter.com/greggish/status/873177525903609857
