Thanks! I used realm to join the domain and sssd to manage authentication. I tested this in non-production before prior to migrating to prod but of course didn't realize it was an option to not require the domain name when logging in *until* my colleague requested it. I'm glad he did. I found out you can configure it using the steps below:
Edit the file /etc/sssd/sssd.conf and change the
use_fully_qualified_names setting from True to
False. The default setting is True:
Code:
use_fully_qualified_names = False
Then restart sssd:
Code:
$ sudo systemctl restart sssd.service
I verified this against my RHEL 7.6 machine and Active Directory Domain Services on Microsoft Window Server 2012
Pro tip:
add the line below to the /etc/sudoers file if you want Domain Admins group to be able to execute commands with sudo on the Linux server.
Code:
%domain\ admins ALL=(ALL) ALL
The backslash ( \ ) in %domain\ is needed as the escape character after the first word of the group name (domain admins) in order to preserve the literal value of the space character in group "domain admins" between "domain" and "admins". Once you add this line to your /etc/sudoers file, users added to the domain admins group of the domain can also run commands with sudo privilege on the Linux Servers.