On Tue, Aug 01, 2017 at 11:20:16AM -0000, Igor Sever via FreeIPA-users wrote:
> I have the same error.
> I established a two-way trust with AD, which went fine.
> Authentication with Kerberos to AD is working.
> Since I have one test FreeIPA which is working correctly (relatively), I compared logs and
> pinpointed the problem to a strange LDAP search which FreeIPA is sending to the DC:
> (&(sAMAccountName=domain\20admins)(objectClass=group)(sAMAccountName=*)(&(gidNumber=*)(!(gidNumber=0))))
> This LDAP query is of course not working on AD. I don’t know why FreeIPA is sending this
> kind of query to AD in this case.
> The only difference that I can think of in this case is that I didn’t establish trust in two
> steps, but in one step from FreeIPA using the command switch --two-way=true.
Pardon my ignorance, but what part of that query doesn't work?