On 04/01/2014 11:57 AM, Shijoe George wrote:
> Issues with how AD/IPA Trust works & how SSSD deals with AD users.
>
> Let's say we have an IPA domain linux.example.com & AD domain win.example.com. We set up IPA/AD trust so that Windows domain users can log in to Linux. When we set up AD Trust with IPA, AD users log in as username@AD_REALM. With our example above, the username will be "user@xxxxxxxxxxxxxxx". Without @win.example.com that user will be searched only in the IPA domain, not in the AD domain. That is the reason the @DOMAIN part is important in SSSD when dealing with IPA-AD trust.
>
> With current behaviour the client-side code is stripping the domain off based on the location of the first "@" character in the value returned by the server. This results in UID/GID mappings failing and in ownership on the clients showing as "nobody".
>
> With the provided patch, we can accept fully qualified usernames.

Committed...

steved.
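
The parsing problem described in the quoted message, as an added example (not the committed patch and not code from this thread). It assumes the server sends the owner as name@NFSv4-domain, so a trusted AD user arrives with two "@" characters; the function names and the sample user jdoe are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Copy the first n bytes of s into a fresh NUL-terminated string. */
static char *dup_prefix(const char *s, size_t n)
{
    char *out = malloc(n + 1);
    if (out) { memcpy(out, s, n); out[n] = '\0'; }
    return out;
}

/* Behaviour described in the message: cut at the FIRST '@'.
 * For an AD user this discards the realm that SSSD needs for lookup. */
char *strip_at_first(const char *owner)
{
    const char *at = strchr(owner, '@');
    return dup_prefix(owner, at ? (size_t)(at - owner) : strlen(owner));
}

/* Alternative: cut at the LAST '@', and only when the suffix is the
 * expected NFSv4 domain (compared case-insensitively, an assumption).
 * Returns NULL on a mismatch so the caller can refuse to map the name
 * instead of resolving a name from some other domain. */
char *strip_at_last(const char *owner, const char *nfs4_domain)
{
    const char *at = strrchr(owner, '@');
    if (!at || at == owner || strcasecmp(at + 1, nfs4_domain) != 0)
        return NULL;
    return dup_prefix(owner, (size_t)(at - owner));
}

int main(void)
{
    /* Constructed sample: AD user as seen through the IPA NFSv4 domain. */
    const char *owner = "jdoe@win.example.com@linux.example.com";
    char *first = strip_at_first(owner);
    char *last = strip_at_last(owner, "linux.example.com");

    printf("first '@': %s\n", first ? first : "(null)");
    printf("last  '@': %s\n", last ? last : "(null)");
    free(first);
    free(last);
    return 0;
}
```

The name produced by the first-"@" split has no realm, so the lookup stays in the IPA domain and the mapping falls back to "nobody"; the last-"@" split keeps the fully qualified name.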