> -----Original Message-----
> From: sssd-users-bounces(a)lists.fedorahosted.org [mailto:sssd-users-
> bounces(a)lists.fedorahosted.org] On Behalf Of Jakub Hrozek
> Sent: 21. januar 2015 13:49
> To: sssd-users(a)lists.fedorahosted.org
> Subject: Re: [SSSD-users] login with shortname in AD cross realm
>
> On Wed, Jan 21, 2015 at 12:26:33PM +0000, Longina Przybyszewska wrote:
>> Hi,
>> Is it possible to configure SSSD to make possible to login with short names
> across trusty domains?
>> The sAMAccount name attribute in AD are unique, and all users have Posix
> attributes assigned so there is no risk for name mismatch between different
> domains.
>> I use ad provider and all default setting for AD
>> backend(gc_search_enable) ;
>>
>> If use_fully_qualified_names = False only users from client machines native
> domain can login with shortnames; Users from other domains are
> "unknown".
>> I can successfully make ldapsearch to Global Catalog in top domain for login
> names=shortname for users from different domains:
>> ldapsearch -H ldap://ldap.c.example.com:3268 -Y GSSAPI -N -b
> "dc=c,dc=example,dc=org"
> "(&(objectClass=user)(sAMAccountName=user))"
>> user = user-a from
a.c.example.org
>> user = user-b from
b.c.example.org
>>
>> best,
>> Longina
>>
> Only using the default_domain_suffix option, but then you need to qualify
> the primary domain IIRC..
You mean,, I have to have on all machines default-domain_suffix =
c.example.org.
I am not sure that I understand the "qualify the primary domain IIRC" del...
If client machines and servers were in
c.example.org natively, user left in subdomains
-would it help?
The primary domain will be the IPA domain.
So users in IPA domain would have to use full names.
Best,
longina
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.