Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1185536
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem:
In IPA-AD trust scenario, if 'default_domain_suffix = AD.domain' is set
then as per man page, ipa users must use their domainname for log in via ssh
or su. However it fails. IN the logs i could see that Authentication works
correctly, however ssh or su fails to open the session.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Configure IPA-AD trust
2. set the 'default_domain_suffix = AD_DOMAIN'
3. restart sssd and now try to log in with ipa users via ssh or su
IPA user fail to log in
IPA user should be able to log in
Setting 'use_fully_qualified_names = true' in the ipa domain section allows
users to log in. However when 'default_domain_suffix' is set then sssd (nss)
should assume that all other user should be using fully qualified domain name.
It should not be forced to define 'fully qualified' option in ipa section.
- man page of sssd.conf does not mention about necessity of setting '
use_fully_qualified_names = true'
design_review: => 0
mark: no => 0
owner: somebody => mzidek
review: True => 0
testsupdated: => 0
milestone: NEEDS_TRIAGE => SSSD 1.13 alpha
patch: 0 => 1
resolution: => fixed
status: new => closed
Metadata Update from @jhrozek:
- Issue assigned to mzidek
- Issue set to the milestone: SSSD 1.13 alpha
to comment on this ticket.