2015-01-21 13:26 GMT+01:00 Longina Przybyszewska <longina(a)sdu.dk>:
Hi,
Is it possible to configure SSSD to make possible to login with short
names across trusty domains?
The sAMAccount name attribute in AD are unique, and all users have Posix
attributes assigned so there is no risk for name mismatch between different
domains.
I use ad provider and all default setting for AD backend(gc_search_enable)
;
If use_fully_qualified_names = False only users from client machines native
domain can login with shortnames; Users from other domains are “unknown”.
I can successfully make ldapsearch to Global Catalog in top domain for
login names=shortname for users from different domains:
ldapsearch -H ldap://ldap.c.example.com:3268 -Y GSSAPI -N -b
"dc=c,dc=example,dc=org"
"(&(objectClass=user)(sAMAccountName=user))"
user = user-a from
a.c.example.org
user = user-b from
b.c.example.org
Maybe you should use the uPNSuffix from domain
c.example.org for your
user accounts in domains a.c and a.b? Or add a valid one;
http://support2.microsoft.com/kb/243629. Is it possible to use that
uPNSuffix as default in SSSD?
Regards
Davor
best,
Longina
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users