On 08.11.19 10:15, Sumit Bose via FreeIPA-users wrote:
On Fri, Nov 08, 2019 at 10:04:41AM +0100, Ronald Wimmer via
FreeIPA-users wrote:
> It seems that this was a coincidence... sometimes AD users are found but
> most of the time they are not:
>
> [root@ipaclient sssd]# id usera(a)bau.mydomain.at
> id: usera(a)bau.mydomain.at: No such user
> [root@ipaclient sssd]# id userb(a)bau.mydomain.at
> id: userb(a)bau.mydomain.at: No such user
>
> Where do I have to take a closer look?
Hi,
please check on the IPA server. What is the output of 'id
usera(a)bau.mydomain.at' on the IPA server when the client returns 'No
such user'?
There is apparently no problem on the ipa servers themselves. id
usera(a)bau.mydomain.at did work every time I tried...
Additionally please check the SSSD logs on the IPA server if there
are
any issue looking up the user or any groups the user is a member of.
In order to avoid an AD group problem I created an external group with
the AD users as members (instead of putting an AD group there) and
mapped that group to an IPA POSIX group.
Cheers,
Ronald