troubleshooting Question

Linux server - AD authentication without specifying domain name

Avatar of Kaffiend
KaffiendFlag for United States of America asked on
Linux
3 Comments1 Solution77 ViewsLast Modified:
OS: RedHat / CentOS

I can use realmd to allow specific Active Directory users/groups to log in to a Linux server.  
a1) The default behavior after joining AD and enabling these AD users to log in is: log in as ADUserName@mydomain.com, provide AD password when prompted, and you're in
b1) On login, the bash prompt looks like: ADUserName@mydomain.com@servername.  
c1) I add ADUserName@MYDOMAIN.COM to sudoers, and these users have admin rights if they need it
It all works just fine.

I had a request to make it so that (users who can't bear to type a few more characters) Ad users could log in, using their Ad password, but without having to specify the domain name
So, I make a few changes to /etc/sssd/sssd.conf and it kinda works.  I think I'm missing something.
Now, it looks like this
a2) log in as ADUserName (note: not providing name of AD domain anymore), provide AD password when prompted, and you're logged in.  So far, so good
b2) the bash prompt looks like: ADUserName@servername.  Not ideal.  This is not a local user, IMO the bash prompt should include the AD domain name.  How do I change this back?
c2) the sudoers file had previously been modified to include ADUserName@mydomain.com.  Now, the logged-in AD user can no longer use sudo.  To fix this, I had to modify the sudoers file again, specifying ADUserName instead of ADUserName@MYDOMAIN.COM.  Again, far from ideal.  This might be confusing to anyone except the person who originally set this up - not good.

How do I allow AD users to login as ADUserName (without having to specify the AD Domain) and still have the system recognize the user as ADUserName@mydomain.com, especially when it come to the sudoers file?


( I tried adding full_name_format = %1$s@%2$s to sssd.conf.  That didn't help )
ASKER CERTIFIED SOLUTION
Kaffiend

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 3 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros