On 06/29/2017 09:47 PM, Jason Hensley via FreeIPA-users wrote:
Hello,

  I have setup a pair of FreeIPA 4.5.2 servers.  One via
ipa-server-install, the other via ipa-replica-install.  I have tried
them both as trust controllers and I have tried them in a
controller/agent setup.

  My problem is that no AD users can login to the self service UI on the
secondary IPA server.  Is this by design, or is it merely a bug?  I can
provide more details/logs/configs on request.
Hi,

did you also open the required ports on the replica?
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-during.html#trust-req-ports

You can also check that the clocks are in sync and that kinit adu...@ad.domain.com succeeds on the replica.

Flo

 Thanks,
Jason


_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to