Hello @CarlZeigler ,
I did have a quick look in the AD Provider documentation for SSSD and couldn't find a description of this. I found this by examining the debug logging for SSSD. Also for writing this answer I created a Test User in my Active Directory with the following attributes:
Display name: Test User
E-mail: testuser_email@email.domain.com
User logon name: testuserUPN@gellab.net
User logon name (pre-Windows 2000): GELLAB\testuser
sAMAccountName: testuser
User Principal Name: testuserUPN
From a Linux host joined to the domain and using the AD Provider for all SSSD provider options (essentially the default sssd.conf after using realm join - just with use_fully_qualified_names = False set) I was able to run the following:
getent passwd testuser
testuser:*:1094009125:1094000513:Test User:/home/testuser:/bin/bash
getent passwd testuserUPN@GELLAB.NET
testuser:*:1094009125:1094000513:Test User:/home/testuser:/bin/bash
getent passwd testuser_email@email.domain.com
testuser:*:1094009125:1094000513:Test User:/home/testuser:/bin/bash
Which you can see SSSD is showing all three forms to be the same user since the numerical uid is the same. I was then also able to SSH to the Linux host and successfully authenticate with any of those three forms of the username.
For your specific issues with your environment I would encourage you to open a Technical Support ticket so that you can work through the details with them.
Thank you for your time.
Stuart
... View more