Hi,

 

We are trying to configure our FreeIPA environment. We are using freeipa-client in both Ubuntu 18 and Ubuntu 16 servers. The FreeIPA server has one way trust to our AD.  We have the domain name resolution order setup in the FreeIPA server.  The AD users are able to ssh login to Ubuntu 18 fluently. But in Ubuntu 16, the AD user ssh login works only with domain name extension for AD users and fails with short name. Inside the Ubuntu 16 client, AD user lookup as well fails for short name, but works with domain name extension.

 

Is there any extra configuration needed in sssd.conf other than the default configuration generated by freeipa-client?

 

TIA