On Thu, Nov 03, 2016 at 08:13:22AM -0000, downloader009(a)gmail.com wrote:
Hi,
Thanks for your reply. So, I seem to have two options;
1) upgrade the sssd version to 1.14+ and set the full_name_format=%1$s
OR
2) disable the subdomains provider and mention each domain separately in the
configuration file.
Yes.
For the second option, would it mean that I need to join the computer each domain
separately? (I mean should I run the adcli join <domain> command for each of the
child domains? I was thinking this might cause a conflict where the same computer object
exists in the parent domain as well as the child domain)
As long as the domains trust each other you should be OK with a single
keytab. You might need to explicitly specify the principal for the
'second' domain with ldap_sasl_authid though.