-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org [mailto:sssd-users-bounces(a)lists.fedorahosted.org] On Behalf Of Jakub Hrozek
Sent: 21 January 2015 13:49
To: sssd-users(a)lists.fedorahosted.org
Subject: Re: [SSSD-users] login with shortname in AD cross realm
On Wed, Jan 21, 2015 at 12:26:33PM +0000, Longina Przybyszewska wrote:
> Hi,
> Is it possible to configure SSSD to make it possible to log in with short names across trusted domains?
> The sAMAccount name attributes in AD are unique, and all users have POSIX attributes assigned, so there is no risk of a name mismatch between different domains.
>
> I use the ad provider and all default settings for the AD backend (gc_search_enable);
>
> If use_fully_qualified_names = False, only users from the client machine's native domain can log in with short names; users from other domains are "unknown".
>
> I can successfully run ldapsearch against the Global Catalog in the top domain for login names=shortname for users from different domains:
>
> ldapsearch -H ldap://ldap.c.example.com:3268 -Y GSSAPI -N -b "dc=c,dc=example,dc=org" "(&(objectClass=user)(sAMAccountName=user))"
> user = user-a from a.c.example.org
> user = user-b from b.c.example.org
>
> best,
> Longina
>
Only using the default_domain_suffix option, but then you need to qualify the primary domain IIRC..

You mean, I have to have on all machines default_domain_suffix = c.example.org.
I am not sure that I understand the "qualify the primary domain IIRC" del...
If client machines and servers were in c.example.org natively, users left in subdomains - would it help?

Best,
longina