Created on 10-26-2015 10:27 PM - edited 09-16-2022 02:46 AM
I have SSSD working with AD on a kerberized cluster. When I log in as the AD user, it requires me to append the REALM, i.e. su - hr1@AD-HDP.COM. I'd like to remove the REALM appended to the username. How do I configure the users so that when they log in the REALM won't be required? I have listed my configurations below.
[sssd.conf]
[sssd]
config_file_version = 2
domains = AD-HDP.COM
services = nss, pam
override_space = _
debug_level = 2

# [nss]: This is where we configure the NSS service
[nss]
# Filter out the users and groups that we don't want Hadoop to see. Not important. But feel free to add more if you like.
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 300
entry_cache_nowait_percentage = 75
# debug levels 5 to 7 seem to be appropriate while testing. I suggest starting with level five.
debug_level = 2

[domain/AD-HDP.COM]
# Uncomment if you need offline logins
# cache_credentials = true
enumerate = true
id_provider = ad
auth_provider = ad
#access_provider = ad
debug_level = 2
# Uncomment if service discovery is not working
ad_server = [host_name_taken_out]
# Uncomment if you want to use POSIX UIDs and GIDs set on the AD side
# ldap_id_mapping = False
# Comment out if the users have the shell and home dir set on the AD side
default_shell = /bin/bash
fallback_homedir = /home/%d/%u
# Uncomment and adjust if the default principal SHORTNAME$@REALM is not available
# ldap_sasl_authid = host/client.ad.example.com@AD.EXAMPLE.COM
# Comment out if you prefer to user shortnames.
use_fully_qualified_names = true
[nsswitch.conf]
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#   nisplus             Use NIS+ (NIS version 3)
#   nis                 Use NIS (NIS version 2), also called YP
#   dns                 Use DNS (Domain Name Service)
#   files               Use the local files
#   db                  Use the local database (.db) files
#   compat              Use NIS on compat mode
#   hesiod              Use Hesiod for user lookups
#   [NOTFOUND=return]   Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files sss
shadow:     files sss
group:      files sss

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  files sss
aliases:    files nisplus
Created 10-26-2015 11:56 PM
@rgarcia@hortonworks.com
Remove "use_fully_qualified_names=True" and it should fix the issue.
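An added example, not part of the original thread and not SSSD's own code: a Python check that reads an sssd.conf and reports, per enabled domain, whether logins need the user@DOMAIN form, plus a helper that drops the setting as the answer suggests. The sample config is constructed from the file in the question, the function names are hypothetical, and the default handling assumes the behaviour documented in sssd.conf(5).

```python
import configparser
import re

# Constructed sample, trimmed from the sssd.conf posted in the question.
SAMPLE = """\
[sssd]
config_file_version = 2
domains = AD-HDP.COM
services = nss, pam

[domain/AD-HDP.COM]
id_provider = ad
fallback_homedir = /home/%d/%u
# Comment out if you prefer to user shortnames.
use_fully_qualified_names = true
"""

OPTION = "use_fully_qualified_names"

def fqn_required(conf_text):
    """Map each enabled domain to True if logins need user@DOMAIN."""
    # interpolation=None keeps SSSD templates such as %d and %u literal.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    # Assumed from sssd.conf(5): default FALSE, TRUE if default_domain_suffix is set.
    default = cp.has_option("sssd", "default_domain_suffix")
    domains = cp.get("sssd", "domains", fallback="").split(",")
    return {
        d.strip(): cp.getboolean("domain/" + d.strip(), OPTION, fallback=default)
        for d in domains if d.strip()
    }

def drop_fqn(conf_text):
    """Remove the option from [domain/...] sections, keeping comments intact."""
    out, in_domain = [], False
    for line in conf_text.splitlines(keepends=True):
        header = re.match(r"\s*\[(.+?)\]", line)
        if header:
            in_domain = header.group(1).startswith("domain/")
        if in_domain and re.match(r"\s*%s\s*=" % OPTION, line):
            continue  # drop only the active setting, not commented-out copies
        out.append(line)
    return "".join(out)

if __name__ == "__main__":
    print(fqn_required(SAMPLE))
    print(fqn_required(drop_fqn(SAMPLE)))
```

SSSD reads sssd.conf at startup, so an edit to the real file takes effect only after the sssd service is restarted.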