SSSD Authentication to Windows Domain without @domain.com everywhere
Solution 1:
The 'default_domain_suffix' answer is valid for users from a trusted domain (i.e. IPA-AD trust is in place).
However, if your setup only has one domain, then removing "use_fully_qualified_names=True" from the config is an easier way.
Solution 2:
you need to add default_domain_suffix to your sssd.conf file. Bear in mind it only works under [sssd] section.
e.g.:
[sssd]
domains = YOURDOMAIN
config_file_version = 2
services = nss, pam
default_domain_suffix = YOURDOMAIN