In IPA-AD trust environment, how to configure sssd.conf to make sure that trusted AD users would be able to login without domain component

Solution Verified - Updated -

Issue

  • In IPA-AD trust environment, how do I make sure that trusted AD users would be able to login without domain component on IPA client?

  • For IPA -AD trust, set up an environment where Active Directory can be used as the primary user authentication source. Most user accounts would be stored in Active Directory with a handful of special purpose, Linux specific accounts (build accounts, for example) stored in IdM. When logging into a Linux IdM client with an Active Directory account, it is necessary to log in as aduser@ad.domain.com. This would be cumbersome for our end users and potentially lead to a number of transition issues.

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • IPA - AD Trust Environment
  • SSSD

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content