On Thu, Jul 13, 2017 at 12:17:42PM -0000, bogusmaster--- via FreeIPA-users wrote:
Thank you for the answer.
I've verified the status of domain on both server and client. On a server it appears that IPA domain (ipa.sub.mydomain.com) is always online. However, status of AD domain (sub.mydomain.com) seems to be fluctuating between Online and Offline and sometimes sssctl returns communication error:
[root@idm4 ~]# sssctl domain-status sub.mydomain.com Unable to get online status [3]: Communication error org.freedesktop.sssd.Error.UnknownDomain: Unknown domain Unable to get online status [root@idm4 ~]# sssctl domain-status sub.mydomain.com Online status: Online
Active servers: AD Global Catalog: not connected AD Domain Controller: dc.sub.mydomain.com IPA: idm4.ipa.sub.mydomain.com
Discovered AD Global Catalog servers: None so far.
Discovered AD Domain Controller servers:
- dc.sub.mydomain.com
Discovered IPA servers:
- idm4.ipa.sub.mydomain.com
On a client sssctl always shows that IPA domain is Online, but after clearing the sssd cache with sss_cache -E and restarting sssd daemon getent passwd command for AD users doesn't yield any results. I've double firewalls and turned them off both in AD controller and on Linux boxes but it doesn't change a thing.
Can you send me the sssd_nss.log and sssd_your.domain.log from the client with debug_level=10 which include the getent passwd request?
bye, Sumit
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org