On Mon, Jun 24, 2019 at 09:35:20AM -0400, Marc Boorshtein via FreeIPA-users wrote:
> We added a new account to AD that has a domain trust with FreeIPA. This
> one user is having an issue where IPA can't find him. The user is in the
> same OU as other users that work fine. The user is unlocked
> (userAccountControl is 512) and the userprincipalname is set. When I try
> to add the user to an id view or an external group IPA gives me the error
> "trusted domain object not found". Not really sure where to look next to
> figure out what's wrong. We see the user when we make LDAP calls to AD.

Hi,

the answer will be most probably in the SSSD logs on the IPA server.
Please try:

    sss_debuglevel 9
    sss_cache -E
    getent passwd ad_user@ad.domain
    sss_debuglevel 0 # or your default debug level

and send the sssd_nss.log and the domain log file.

Since it is a new user I wonder if maybe the RID is larger than 200000?
For automatic id-mapping a range of 200000 IDs is used by default and if
the RIDs become higher a new range should be added.

HTH

bye,
Sumit

> Thanks
> Marc
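
One way to test the RID question raised in the reply, as an added example that is not part of the original thread or of FreeIPA/SSSD code: decode the base64 objectSid that an LDAP query against AD returns, take the RID, and check it against the trust's ID range. Assumptions: the range starts at RID 0, the mapping is POSIX ID = range base ID + (RID - first RID), and the domain SID, RIDs and base ID below are constructed sample values.

```python
import base64
import struct

RANGE_SIZE = 200000  # default range size mentioned in the reply


def parse_sid(raw: bytes):
    """Decode a binary Windows SID into (string SID, RID)."""
    if len(raw) < 12:
        raise ValueError("too short to carry a RID")
    revision, count = raw[0], raw[1]
    if count == 0 or len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match length")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    text = "S-%d-%d-%s" % (revision, authority, "-".join(map(str, subs)))
    return text, subs[-1]                            # last sub-authority is the RID


def map_rid(rid, base_id, base_rid=0, size=RANGE_SIZE):
    """POSIX ID for rid, or None when the RID is outside the range."""
    offset = rid - base_rid
    return base_id + offset if 0 <= offset < size else None


def check_object_sid(b64_sid, base_id, base_rid=0, size=RANGE_SIZE):
    """Take objectSid as base64 (LDIF 'objectSid::' form); return (SID, RID, ID)."""
    sid, rid = parse_sid(base64.b64decode(b64_sid))
    return sid, rid, map_rid(rid, base_id, base_rid, size)


def build_sid(*subs):
    """Build a constructed base64 objectSid for the demo (authority 5 = NT)."""
    raw = bytes([1, len(subs)]) + (5).to_bytes(6, "big")
    return base64.b64encode(raw + struct.pack("<%dI" % len(subs), *subs)).decode()


if __name__ == "__main__":
    domain = (21, 1111111111, 2222222222, 3333333333)  # constructed domain SID
    base_id = 1234600000                               # constructed range base ID
    for rid in (1105, 200513):
        sid, rid, posix_id = check_object_sid(build_sid(*domain, rid), base_id)
        verdict = posix_id if posix_id is not None else "outside range, no ID mapped"
        print(sid, "->", verdict)
```

The real first RID, range size and base ID are the values shown for the trust's ID range on the IPA server; substitute them for the constructed ones.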