OS: RedHat / CentOS
I can use realmd to allow specific Active Directory users/groups to log in to a Linux server.
a1) The default behavior after joining AD and enabling these AD users to log in is: log in as ADUserName@mydomain.com, provide AD password when prompted, and you're in
b1) On login, the bash prompt looks like: ADUserName@mydomain.com@servername.
c1) I add ADUserName@MYDOMAIN.COM to sudoers, and these users have admin rights if they need them.
It all works just fine.
I had a request to make it so that (users who can't bear to type a few more characters) AD users could log in, using their AD password, but without having to specify the domain name.
So, I make a few changes to /etc/sssd/sssd.conf and it kinda works. I think I'm missing something.
Now, it looks like this:
a2) log in as ADUserName (note: not providing name of AD domain anymore), provide AD password when prompted, and you're logged in. So far, so good
b2) the bash prompt looks like: ADUserName@servername. Not ideal. This is not a local user, IMO the bash prompt should include the AD domain name. How do I change this back?
c2) the sudoers file had previously been modified to include ADUserName@mydomain.com. Now, the logged-in AD user can no longer use sudo. To fix this, I had to modify the sudoers file again, specifying ADUserName instead of ADUserName@MYDOMAIN.COM. Again, far from ideal. This might be confusing to anyone except the person who originally set this up - not good.
How do I allow AD users to log in as ADUserName (without having to specify the AD domain) and still have the system recognize the user as ADUserName@mydomain.com, especially when it comes to the sudoers file?
(I tried adding full_name_format = %1$s@%2$s to sssd.conf. That didn't help.)