On Wed, Jul 11, 2018 at 08:36:43PM -0000, Mike Conner via FreeIPA-users wrote:
I have an issue where i've established the AD trust and am able
my own account and about 30 others, but all others fail. I've compared
AD attributes across accounts and can't find anything that is notably
different. I've seen messages about making sure that groups can resolve,
but I don't think that's what's happening. I have a user account that only
has one group membership and that group resolves, but the account still
is not returned on a lookup. The only common thread I can find with the
accounts that succeed is that they are older accounts - they were created
a long time ago - more recently created accounts fail. Where can I look
to see what might be happening?
Are the users resolvable on the IPA server at least or do the lookups
fail on both the server an the client?