Hi, thank you for the help. I am running RHEL 7.3 on IPA servers and with RHEL 7.3 clients it works really nicely. The trouble is on RHEL 6 machines. I have tried to add krb5_use_enterprise_principal = true into the domain section of sssd.conf on RHEL 6 IPA clients but the problem still persists. Is there anything else that should be set? I have restarted the sssd service, both on servers and client, emptied sssd_cache and so on, but I am still unable to resolve users (on RHEL 6) with short UPN - id and getent passwd return no such user... We still have more servers on RHEL 6 than on RHEL 7.

Thanks,
Jan

> Hi,
>
> I just looked into RHEL 6.9 beta repos and I can see there is
> sssd-client-1.13.3-53.el6.x86_64 version. I would like to know if with rhel
> 6.9 will come support for using different UPN than domain name. I am talking
> about AD trust scenario where user in AD domain sits in
> u...@subdomain.example.com but has a UPN set to u...@example.com. It has been
> solved in RHEL 7.3 I guess with sssd 1.14. Is ipa-client in RHEL 6.9 able to
> handle this situation or is there any known workaround?

This is basically a server side feature. You need an IPA server version which is delivered with RHEL-7.3. SSSD 1.14 in 7.3 can automatically detect if the server supports this or not. This autodetection was not backported to 6.9 but if your servers support it you can set 'krb5_use_enterprise_principal = true' (see man sssd-krb5 for details) on the IPA clients with older SSSD versions.

HTH

bye,
Sumit

>
> Thanks,
> Jan