On Fri, 03 Jul 2020, Vinícius Ferrão wrote:
As you can see, randomuser1 wasn’t being detected, then it was recognised
after a full UPN query.
I’m guessing it may be related to what you said about the default domain order.
> Also I noticed this:
>
>> [root@ipa1 ~]# getent passwd ferrao
>> ferrao@ad.example.com:*:1499401105:1499401105:Vinícius Ferrão:/home/ferrao:
>> [root@ipa2 ~]# getent passwd ferrao
>
> We do not support unqualified AD user and group names on IPA masters.
>
> Please remove the corresponding setting from SSSD or default domain
> order in IPA. This messes up quite a lot of things.
My default domain was set with:
nix.example.com:ad.example.com
This isn’t supported? I added AD as the second domain so ssh to the
machines would be easier.
If I need to remove it, and want to keep just the login to ease login
on Unix machines, I should do exactly what I’ve done with the home
directories? With a per-user ID override?
I guess as long as you are using fully qualified AD users/groups names
on IPA masters, you don't need to remove the setting.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland