In IPA-AD trust environment, how to configure sssd.conf to make sure that trusted AD users would be able to login without domain component

Solution Unverified - Updated -

Issue

  • In IPA-AD trust environment, how do I make sure that trusted AD users would be able to login without domain component on IPA client?
  • For IPA -AD trust, set up an environment where Active Directory can be used as the primary user authentication source. Most user accounts would be stored in Active Directory with a handful of special purpose, Linux specific accounts (build accounts, for example) stored in IdM. When logging into a Linux IdM client with an Active Directory account, it is necessary to log in as aduser@ad.domain.com. This would be cumbersome for our end users and potentially lead to a number of transition issues.

Environment

  • Red Hat Enterprise Linux 7
  • IPA - AD Trust Environment
  • sssd

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.