On 29.09.22 10:24, Alexander Bokovoy via FreeIPA-users wrote:
On to, 29 syys 2022, Ronald Wimmer via FreeIPA-users wrote:
> On 29.09.22 07:43, Sumit Bose via FreeIPA-users wrote:
>> Am Wed, Sep 28, 2022 at 09:29:46PM +0200 schrieb Ronald Wimmer via
>> FreeIPA-users:
>>> On 28.09.22 20:18, Rob Crittenden wrote:
>>>> Ronald Wimmer via FreeIPA-users wrote:
>>>>> We set up IPA in a new network segment. Everything works fine but
>>>>> when I
>>>>> issue
>>>>>
>>>>> getent passwd someipausername
>>>>>
>>>>> I do not get
>>>>>
>>>>> somipausername(a)ipadomain.xyz
>>>>>
>>>>> Only someipausername is shown without the domain part. Why? Did this
>>>>> become something I need to enable explicitly?
>>>>
>>>> Need more info. What does your installation look like? Do you have AD
>>>> trust? What is the domain that isn't showing up?
>>>
>>> Two IPA servers. Both trust controllers. Trust to an AD domain. The
>>> user
>>> where the domain is not shown is an IPA user. If I do a getent passwd
>>> someaduser(a)ad.domain, the ad domain is shown.
>>
>> Hi,
>>
>> it is the default behavior that IPA users and groups are shown with
>> short names while users and groups from trusted domains are shown with
>> fully-qualified names.
>
> Thanks for clarifying this. However, is there a setting somewhere to
> change this behaviour? (In our older IPA setup also the IPA users are
> displayed with their fully-qualified names)
It was done by someone on purpose then.
See
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/...
Thanks. That works.
(But I think the documentation is not very clear about the fact that
setting the domain resolution order leads to the fully qualified
usernames...)