Thanks Sumit for the quick reply.

Yes it is using sssd 1.13.4. 
 
apt list --installed|grep sssd

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

sssd/xenial-updates,now 1.13.4-1ubuntu1.15 amd64 [installed,automatic]
sssd-ad/xenial-updates,now 1.13.4-1ubuntu1.15 amd64 [installed,automatic]
sssd-ad-common/xenial-updates,now 1.13.4-1ubuntu1.15 amd64 [installed,automatic]
sssd-common/xenial-updates,now 1.13.4-1ubuntu1.15 amd64 [installed,automatic]
sssd-ipa/xenial-updates,now 1.13.4-1ubuntu1.15 amd64 [installed,automatic]
sssd-krb5/xenial-updates,now 1.13.4-1ubuntu1.15 amd64 [installed,automatic]
sssd-krb5-common/xenial-updates,now 1.13.4-1ubuntu1.15 amd64 [installed,automatic]
sssd-ldap/xenial-updates,now 1.13.4-1ubuntu1.15 amd64 [installed,automatic]
sssd-proxy/xenial-updates,now 1.13.4-1ubuntu1.15 amd64 [installed,automatic]
sssd-tools/xenial-updates,now 1.13.4-1ubuntu1.15 amd64 [installed]

What additional configuration can we add to support name resolution order?

TIA


On Sun, May 24, 2020 at 10:44 PM Sumit Bose via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
On Fri, May 22, 2020 at 04:07:08PM -0700, Suchismita Panda via FreeIPA-users wrote:
> Hi,
>
>
>
> We are trying to configure our FreeIPA environment. We are using
> freeipa-client in both Ubuntu 18 and Ubuntu 16 servers. The FreeIPA server
> has one way trust to our AD.  We have the domain name resolution order
> setup in the FreeIPA server.  The AD users are able to ssh login to Ubuntu
> 18 fluently. But in Ubuntu 16, the AD user ssh login works only with domain
> name extension for AD users and fails with short name. Inside the Ubuntu 16
> client, AD user lookup as well fails for short name, but works with domain
> name extension.
>

Hi,

which SSSD version are you using on Ubuntu 16. It looks like it has
sssd-1.13.4 by default which does not support the domain name resolution
order feature.

bye,
Sumit

>
>
> Is there any extra configuration needed in sssd.conf other than the default
> configuration generated by freeipa-client?
>
>
>
> TIA

> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org