On Tue, May 26, 2020 at 09:49:23AM -0700, Suchismita Panda via FreeIPA-users wrote:
Thanks Sumit for the quick reply.
Yes it is using sssd 1.13.4.
Hi,
domain resolution order support is not available in this version.
There is the deprecated option 'default_domain_suffix', see man
sssd.conf for details. If this is set to the AD domain users from this
domain can use a short name. But only users from this domain, which
means IPA users and groups must use the fully-qualified name.
Instead of using 'default_domain_suffix' I would recommend to try to
find a newer version of SSSD for you platform which supports domain
resolution order.
bye,
Sumit
*apt list --installed|grep sssdWARNING: apt does not have a stable CLI
interface. Use with caution in scripts.sssd/xenial-updates,now
1.13.4-1ubuntu1.15 amd64 [installed,automatic]sssd-ad/xenial-updates,now
1.13.4-1ubuntu1.15 amd64
[installed,automatic]sssd-ad-common/xenial-updates,now 1.13.4-1ubuntu1.15
amd64 [installed,automatic]sssd-common/xenial-updates,now
1.13.4-1ubuntu1.15 amd64 [installed,automatic]sssd-ipa/xenial-updates,now
1.13.4-1ubuntu1.15 amd64 [installed,automatic]sssd-krb5/xenial-updates,now
1.13.4-1ubuntu1.15 amd64
[installed,automatic]sssd-krb5-common/xenial-updates,now 1.13.4-1ubuntu1.15
amd64 [installed,automatic]sssd-ldap/xenial-updates,now 1.13.4-1ubuntu1.15
amd64 [installed,automatic]sssd-proxy/xenial-updates,now 1.13.4-1ubuntu1.15
amd64 [installed,automatic]sssd-tools/xenial-updates,now 1.13.4-1ubuntu1.15
amd64 [installed]*
What additional configuration can we add to support name resolution order?
TIA
On Sun, May 24, 2020 at 10:44 PM Sumit Bose via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
> On Fri, May 22, 2020 at 04:07:08PM -0700, Suchismita Panda via
> FreeIPA-users wrote:
> > Hi,
> >
> >
> >
> > We are trying to configure our FreeIPA environment. We are using
> > freeipa-client in both Ubuntu 18 and Ubuntu 16 servers. The FreeIPA
> server
> > has one way trust to our AD. We have the domain name resolution order
> > setup in the FreeIPA server. The AD users are able to ssh login to
> Ubuntu
> > 18 fluently. But in Ubuntu 16, the AD user ssh login works only with
> domain
> > name extension for AD users and fails with short name. Inside the Ubuntu
> 16
> > client, AD user lookup as well fails for short name, but works with
> domain
> > name extension.
> >
>
> Hi,
>
> which SSSD version are you using on Ubuntu 16. It looks like it has
> sssd-1.13.4 by default which does not support the domain name resolution
> order feature.
>
> bye,
> Sumit
>
> >
> >
> > Is there any extra configuration needed in sssd.conf other than the
> default
> > configuration generated by freeipa-client?
> >
> >
> >
> > TIA
>
> > _______________________________________________
> > FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> > To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
> > Fedora Code of Conduct:
>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...