On Fri, 03 Jul 2020, Vinícius Ferrão wrote:
As you can see, randomuser1 wasn’t being detected, then it was recognised after a full UPN query.
I’m guessing it may be related to what you said about the default domain order.
Also I noticed this:
[root@ipa1 ~]# getent passwd ferrao
ferrao@ad.example.com:*:1499401105:1499401105:Vinícius Ferrão:/home/ferrao:
[root@ipa2 ~]# getent passwd ferrao
We do not support unqualified AD user and group names on IPA masters.
Please remove the corresponding setting from SSSD or default domain order in IPA. This messes up quite a lot of things.
My default domain was set with: nix.example.com:ad.example.com
This isn’t supported? I added AD as the second domain so ssh to the machines would be easier.
If I need to remove it, and want to keep just the login to ease login on Unix machines, should I do exactly what I’ve done with the home directories? With a per-user ID override?
I guess as long as you are using fully qualified AD user/group names on IPA masters, you don't need to remove the setting.