I recently added a production RHEL 7 server to our active directory domain. In order to login using domain credentials via ssh, I have to type <username>@<domain> into putty. Is it possible to configure authentication so we don't have to write the "@<domain>" after the username, and only include the username?

Congratulations; you got it to work!

But, one question; why did you not do this on a TEST server before production?

What method did you use (sssd or something else)?

Thanks! I used realm to join the domain and sssd to manage authentication. I tested this in non-production before prior to migrating to prod but of course didn't realize it was an option to not require the domain name when logging in *until* my colleague requested it. I'm glad he did. I found out you can configure it using the steps below:

Edit the file /etc/sssd/sssd.conf and change the use_fully_qualified_names setting from True to False. The default setting is True:

Then restart sssd:

I verified this against my RHEL 7.6 machine and Active Directory Domain Services on Microsoft Window Server 2012

Pro tip:

add the line below to the /etc/sudoers file if you want Domain Admins group to be able to execute commands with sudo on the Linux server.

The backslash ( \ ) in %domain\ is needed as the escape character after the first word of the group name (domain admins) in order to preserve the literal value of the space character in group "domain admins" between "domain" and "admins". Once you add this line to your /etc/sudoers file, users added to the domain admins group of the domain can also run commands with sudo privilege on the Linux Servers.