On Wed, Aug 07, 2013 at 06:46:48PM +0000, Armstrong, Kenneth Lawrence wrote: > I have a test environment set up where we have a trust between the IdM domain > and the AD domain. When we go to log into an IdM client with an AD user, we > have to use the format of: > > ADDOMAIN\\usern...@idm.client.example.com > > Is there a way to prepend the domain part so that we won't have to type that > in every time? > > Thanks! > > -Kenny
Hi Kenny, I think that you're looking for the "default_domain_suffix" parameter. >From man sssd.conf: default_domain_suffix (string) This string will be used as a default domain name for all names without a domain name component. The main use case is environments where the primary domain is intended for managing host policies and all users are located in a trusted domain. The option allows those users to log in just with their user name without giving a domain name as well. Please note that if this option is set all users from the primary domain have to use their fully qualified name, e.g. u...@domain.name, to log in. Default: not set The parameter should be set in the [sssd] section, not in the domain section. _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users