Thank you for the answer. I've verified the status of domain on both server and client. On a server it appears that IPA domain (ipa.sub.mydomain.com) is always online. However, status of AD domain (sub.mydomain.com) seems to be fluctuating between Online and Offline and sometimes sssctl returns communication error:
[root@idm4 ~]# sssctl domain-status sub.mydomain.com Unable to get online status [3]: Communication error org.freedesktop.sssd.Error.UnknownDomain: Unknown domain Unable to get online status [root@idm4 ~]# sssctl domain-status sub.mydomain.com Online status: Online Active servers: AD Global Catalog: not connected AD Domain Controller: dc.sub.mydomain.com IPA: idm4.ipa.sub.mydomain.com Discovered AD Global Catalog servers: None so far. Discovered AD Domain Controller servers: - dc.sub.mydomain.com Discovered IPA servers: - idm4.ipa.sub.mydomain.com On a client sssctl always shows that IPA domain is Online, but after clearing the sssd cache with sss_cache -E and restarting sssd daemon getent passwd command for AD users doesn't yield any results. I've double firewalls and turned them off both in AD controller and on Linux boxes but it doesn't change a thing. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
