How do I configure to not include REALM when logging in to Kerberized machine integrated with AD?

I have SSSD working with AD on a kerberized cluster. When I log in as the AD user, it requires me to append the REALM, i.e. su - hr1@AD-HDP.COM. I'd like to remove the REALM appended to the username. How do I configure the users so that when they log in the REALM won't be required? I have listed my configurations below.

[sssd.conf]

[sssd]
config_file_version = 2
domains = AD-HDP.COM
services = nss, pam
override_space = _
debug_level = 2

# [nss]: This is where we configure the NSS service
[nss]
# Filter out the users and groups that we don't want Hadoop to see. Not important. But feel free to add more if you like.
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 300
entry_cache_nowait_percentage = 75
# debug levels 5 to 7 seem to be appropriate while testing. I suggest starting with level five.
debug_level = 2

[domain/AD-HDP.COM]
# Uncomment if you need offline logins
# cache_credentials = true
enumerate = true
id_provider = ad
auth_provider = ad
#access_provider = ad
debug_level = 2
# Uncomment if service discovery is not working
ad_server = [host_name_taken_out]
# Uncomment if you want to use POSIX UIDs and GIDs set on the AD side
# ldap_id_mapping = False
# Comment out if the users have the shell and home dir set on the AD side
default_shell = /bin/bash
fallback_homedir = /home/%d/%u
# Uncomment and adjust if the default principal SHORTNAME$@REALM is not available
# ldap_sasl_authid = host/client.ad.example.com@AD.EXAMPLE.COM
# Comment out if you prefer to use shortnames.
use_fully_qualified_names = true

[nsswitch.conf]

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#	nisplus			Use NIS+ (NIS version 3)
#	nis			Use NIS (NIS version 2), also called YP
#	dns			Use DNS (Domain Name Service)
#	files			Use the local files
#	db			Use the local database (.db) files
#	compat			Use NIS on compat mode
#	hesiod			Use Hesiod for user lookups
#	[NOTFOUND=return]	Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files sss
shadow:     files sss
group:      files sss

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  files sss
aliases:    files nisplus

1 ACCEPTED SOLUTION

@rgarcia@hortonworks.com

Remove "use_fully_qualified_names=True" and it should fix the issue.
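
A way to check the change suggested above, as an added example that is not part of the original thread: it reads the effective use_fully_qualified_names value for a domain section and flags a short name that also exists locally, which matters because the nsswitch.conf above lists files before sss. The helper names fqn_setting and local_shadows and all sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Helper names and data are constructed.

# fqn_setting CONF DOMAIN: print the effective use_fully_qualified_names value
# for [domain/DOMAIN]. Commented-out lines are ignored; when the option is absent,
# the sssd.conf(5) default for a directly configured domain (false) is printed.
fqn_setting() {
    awk -v want="[domain/$2]" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == want); next }
        insec && /^[ \t]*use_fully_qualified_names[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = tolower($0)
        }
        END { print (val == "" ? "false" : val) }
    ' "$1"
}

# local_shadows PASSWD_FILE USER: succeed if USER has a local entry. With
# "passwd: files sss", a local account with the same short name is returned first.
local_shadows() {
    awk -F: -v u="$2" '$1 == u { f = 1 } END { exit !f }' "$1"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Constructed sample: the poster's domain section reduced to the relevant lines.
cat > "$tmp/before.conf" <<'EOF'
[domain/AD-HDP.COM]
id_provider = ad
use_fully_qualified_names = true
EOF
# The same section with the option removed, as the accepted answer suggests.
grep -v '^use_fully_qualified_names' "$tmp/before.conf" > "$tmp/after.conf"
# Constructed local passwd file containing an account named like an AD user.
printf 'root:x:0:0::/root:/bin/bash\nhr1:x:1001:1001::/home/hr1:/bin/bash\n' > "$tmp/passwd"

echo "before: $(fqn_setting "$tmp/before.conf" AD-HDP.COM)"
echo "after:  $(fqn_setting "$tmp/after.conf" AD-HDP.COM)"
local_shadows "$tmp/passwd" hr1 && echo "hr1 also exists locally; files is consulted before sss"

# On the real host, after editing /etc/sssd/sssd.conf:
#   systemctl restart sssd && sss_cache -E
#   getent passwd hr1      # should now resolve without @AD-HDP.COM
```

On a live system, point fqn_setting at /etc/sssd/sssd.conf and local_shadows at /etc/passwd before switching users to short names.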
