Hi,
we have a setup with a Forest Trust to an AD Domain.
Everything looks good on the FreeIPA Servers itself. We can see User information if we do
"getent passwd user(a)ad.domain" or "id user(a)ad.domain" or "sssctl
user-checks user(a)ad.domain".
But on a connected client, we get only the user of the ipa domain and no user information
on ad user.
In the logs, we found no obvious error.
The only thing we see in sssd.log is:
(Tue Jul 10 16:19:27 2018) [sssd[be[ipa.domain]]] [delayed_online_authentication_callback]
(0x0200): Backend is online, starting delayed online authentication.
(Tue Jul 10 16:19:28 2018) [sssd[be[ipa.domain]]] [dp_get_account_info_handler] (0x0200):
Got request for [0x1][BE_REQ_USER][name=user(a)ad.domain]
(Tue Jul 10 16:19:28 2018) [sssd[be[ipa.domain]]] [ipa_s2n_exop_done] (0x0040):
ldap_extended_operation result: No such object(32), (null).
(Tue Jul 10 16:19:28 2018) [sssd[be[ipa.domain]]] [ipa_s2n_get_user_done] (0x0040): s2n
exop request failed.
Best Regards,
Axel
Show replies by thread