Probably not the best place to put this information, but I figure here
is better than no where...
I'm tinkering with authentication a Debian (10.1) box via Active
Directory, so that an AD user can log into the Debian box.
The relevant /etc/sssd/sssd.conf file has the following modification:
use_fully_qualified_names = False
If I have a local account (say, "westk") and a domain account of the
same name, but with a different password, I can log into the Debian box
with the domain "westk"/password, but the "id" command shows me then to
be logged in as the local "westk".
The result is that if I have a local account that belongs to a
completely different person than a person with a domain account of the
same name, the domain account person, upon login, becomes the local
account person, with full access as that person.
Advice? Suggestions? Questions?
Thanks!
--
Kent
