On Mon, Oct 24, 2016 at 11:29:06AM -0400, William Muriithi wrote: > Morning Jakub, > > >> However, I would like to tune this configuration to drop the domain > >> component of the user and group names. I tried to do this by adding > >> these settings to the [sssd] section in sssd.conf on the client: > >> > >> default_domain_suffix = example.au > >> full_name_format = %1$s > >> > >> With this configuration, I can login as a staff domain user (example.au) > >> successfully and I then see the short-name form of the groups: > >> > >> $ ssh -l r...@student.example.au ipa-client-rh7.ipa.example.au > >> [rnst@ipa-client-rh7 ~]$ groups > >> rnst > >> > >> Is this expected behaviour? Is there a possible client configuration that > >> will support our AD forest setup or is this simply not possible? > > > > What you did is quite correct, but unfortunately works only with > > RHEL-7.3 or newer as it requires sssd-1.14 or newer, sorry. > > Does one need sssd-1.14 on the IPA server only or is this required on > all the IPA clients too?
I haven't tested since I was working in this area, but I belive the clients as well. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project