On 01/21/2015 08:07 AM, Longina Przybyszewska wrote:
-----Original Message-----
From: [email protected] [mailto:sssd-users-
[email protected]] On Behalf Of Jakub Hrozek
Sent: 21 January 2015 13:49
To: [email protected]
Subject: Re: [SSSD-users] login with shortname in AD cross realm

On Wed, Jan 21, 2015 at 12:26:33PM +0000, Longina Przybyszewska wrote:
Hi,
Is it possible to configure SSSD to make it possible to log in with short names
across trusted domains?
The sAMAccountName attribute in AD is unique, and all users have POSIX
attributes assigned, so there is no risk of name mismatch between different
domains.
I use the ad provider and all default settings for the AD
backend (gc_search_enable);

If use_fully_qualified_names = False, only users from the client machine's native
domain can log in with short names; users from other domains are
"unknown".
I can successfully run ldapsearch against the Global Catalog in the top domain for login
names = shortname for users from different domains:
ldapsearch -H ldap://ldap.c.example.com:3268 -Y GSSAPI -N -b \
  "dc=c,dc=example,dc=org" \
  "(&(objectClass=user)(sAMAccountName=user))"
user = user-a from a.c.example.org
user = user-b from b.c.example.org

best,
Longina

Only using the default_domain_suffix option, but then you need to qualify
the primary domain IIRC.
You mean, I have to have default_domain_suffix = c.example.org on all machines?

I am not sure that I understand the "qualify the primary domain IIRC" del...

If client machines and servers were in c.example.org natively, with users left in
subdomains, would it help?

The primary domain will be the IPA domain.
So users in the IPA domain would have to use full names.

Best,
longina


_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
