Bug 1405584

Summary: SSH: default_domain_suffix is not being used for users' authorized keys
Product: Red Hat Enterprise Linux 7 Reporter: Marcel Kolaja <mkolaja>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: high Docs Contact:
Priority: high    
Version: 7.3CC: arajendr, enewland, grajaiya, jgalipea, jhrozek, kbanerje, lslebodn, mkosek, mzidek, nsoman, pbrezina, preichl, sgoveas, sssd-maint, sumenon, tscherf
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.14.0-43.el7_3.12 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1401816 Environment:
Last Closed: 2017-04-12 12:33:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1401816    
Bug Blocks:    

Description Marcel Kolaja 2016-12-16 18:53:30 UTC
This bug has been copied from bug #1401816 and has been proposed
to be backported to 7.3 z-stream (EUS).

Comment 3 Jakub Hrozek 2016-12-19 09:12:54 UTC
The patches are available and I dev_acked the bug. However, I'm not going to build the z-stream package until the current z-stream update is all verified in case we needed to respin the current update.

Comment 9 Sudhir Menon 2017-03-20 13:19:23 UTC
1. Set below parameters in sssd.conf on IPA-client
where pne.qe is the trusted AD domain

default_domain_suffix = pne.qe 
use_fully_qualified_names = true

2. from ipa master logged in to ipa-client where aduser16 is aduser

ssh -o StrictHostKeyChecking=yes -l aduser16 cloudqe17.testrelm.test
Could not chdir to home directory /home/pne.qe/aduser16: No such file or directory
-sh-4.2$


Verified using sssd-1.14.0-43.el7_3.14.x86_64

Comment 11 errata-xmlrpc 2017-04-12 12:33:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0908