#2569 In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set
Closed: Fixed None Opened 5 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1185536

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:
In an IPA-AD trust scenario, if 'default_domain_suffix = AD.domain' is set,
then as per the man page, IPA users must use their domain name to log in via ssh
or su. However, it fails. In the logs I could see that authentication works
correctly; however, ssh or su fails to open the session.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Configure IPA-AD trust
2. set the 'default_domain_suffix = AD_DOMAIN'
3. restart sssd and now try to log in with ipa users via ssh or su

Actual results:
IPA users fail to log in

Expected results:
IPA users should be able to log in

Additional info:
Setting 'use_fully_qualified_names = true' in the ipa domain section allows
users to log in. However, when 'default_domain_suffix' is set, sssd (nss)
should assume that all other users should be using fully qualified domain names.
It should not be forced to define the 'fully qualified' option in the ipa section.

- The man page of sssd.conf does not mention the necessity of setting
'use_fully_qualified_names = true'.
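A configuration check for the condition reported above, as an added example that is not part of the ticket or of SSSD: it flags enabled domains that lack `use_fully_qualified_names = true` while `default_domain_suffix` names a different domain. The function name and the sample domain names (`ipa.example`, `ad.example`) are constructed for illustration, and the check is only meaningful on SSSD versions affected by this ticket.

```python
import configparser

# Constructed sample sssd.conf contents; domain names are placeholders.
AFFECTED = """
[sssd]
services = nss, pam
domains = ipa.example
default_domain_suffix = ad.example

[domain/ipa.example]
id_provider = ipa
"""

# Same file with the workaround from the ticket added to the IPA domain section.
WORKAROUND = AFFECTED + "use_fully_qualified_names = true\n"


def domains_missing_fqn(conf_text):
    """Return enabled domains that lack use_fully_qualified_names = true
    while default_domain_suffix points at a different domain."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    suffix = cp.get("sssd", "default_domain_suffix", fallback="").strip()
    if not suffix:
        return []  # option unset: the reported condition does not apply
    enabled = [d.strip() for d in
               cp.get("sssd", "domains", fallback="").split(",") if d.strip()]
    flagged = []
    for name in enabled:
        if name.lower() == suffix.lower():
            continue  # the default domain itself is not affected
        section = "domain/" + name
        fqn = cp.has_section(section) and cp.getboolean(
            section, "use_fully_qualified_names", fallback=False)
        if not fqn:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for label, text in (("affected", AFFECTED), ("workaround", WORKAROUND)):
        print(label, domains_missing_fqn(text))
```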

Fields changed

owner: somebody => mzidek

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.13 alpha

Fields changed

patch: 0 => 1

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to mzidek
- Issue set to the milestone: SSSD 1.13 alpha

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3611

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
