iulian roman via FreeIPA-users wrote:
I have an IPA setup with AD trust and when I added a new group in AD it is detected only
on one ipa server (I have 2 ipa servers in replication mode).
getent group correctly returns the group only on one IPA server, therefore only the ipa
clients enrolled to that ipa server can see the group.
In the sssd logs I can see the following error:
[ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32),
If I try to add the AD group as external to an IPA group by executing:
ipa group-add-member ad_group --external "infosec@example.local"
I get the following error:
member group: infosec@example.local: trusted domain object not found
Any idea how I can solve or troubleshoot it?

Did you run ipa-adtrust-install on the other servers? They need to be
configured as trust agents.