If default_domain_suffix is changed an IPA user requests must be fully qualified. It would be good if IPA could always qualify the admin user.
If we are to set up a replica it tries to ssh as admin and because of the sssd option it will not work so you have to remove it to set up a replica.
Expected result: Make the admin user always qualify.
Administrator should be able so setup a replica and the ssh step as admin should work without removing the default_domain_suffix from sssd.
This is probably related only to conncheck, i.e. very limited scope as such it was put to 4.4 - to qualify the ssh connection done during conncheck
attachment freeipa-frenaud-0005-2-Always-qualify-requests-for-admin-in-ipa-replica-con.patch
master:
Metadata Update from @pvoborni: - Issue assigned to frenaud - Issue set to the milestone: FreeIPA 4.4
Login to comment on this ticket.