On Tue, Apr 16, 2019 at 09:06:44AM +0200, Ronald Wimmer via FreeIPA-users wrote:
> I have managed to log in to an IPA client with a non-existing user.
> My AD user is z123456(a)addomain.mydomain.at and I have created a similar user
> called i123456(a)ipadomain.mydomain.at. What happened now is that I could log
> in with the i-User and what I get to see after logging in is this:
> [email@example.com(a)as12314 ~]$ id
> [firstname.lastname@example.org(a)as12314 ~]$ whoami
> The user i123456(a)addomain.mydomain.at does NOT exist.
> addomain is set as default domain in the client's sssd.conf.

Does this change if you remove the default_domain_suffix option from the
client? Is this option set on the server as well? What is currently
displayed for the user on the server?

In general default_domain_suffix should not be used anymore; it is better
to define a domain lookup order on the IPA server.

> What is wrong here? Are things just displayed wrong or could it be more?

Are the numeric UIDs and GIDs the expected ones?

> Which files do you need in order to analyze this issue?

It would be good to see the full LDAP objects of the AD user and the IPA
user and sssd.conf from the IPA server and the client. This might
already give some idea but chances are we need the full logs as well.