Thank you for the answer.

I've verified the status of domain on both server and client.
On a server it appears that IPA domain ( is always online. 
However, status of AD domain ( seems to be fluctuating between 
Online and Offline and sometimes sssctl returns communication error:

[root@idm4 ~]# sssctl domain-status
Unable to get online status [3]: Communication error
org.freedesktop.sssd.Error.UnknownDomain: Unknown domain
Unable to get online status
[root@idm4 ~]# sssctl domain-status
Online status: Online

Active servers:
AD Global Catalog: not connected
AD Domain Controller:

Discovered AD Global Catalog servers:
None so far.

Discovered AD Domain Controller servers:

Discovered IPA servers:

On a client sssctl always shows that IPA domain is Online, but after clearing 
the sssd cache with sss_cache -E and restarting sssd daemon getent passwd 
command for AD users doesn't yield any results.
I've double firewalls and turned them off both in AD controller and on Linux 
boxes but it doesn't change a thing.
FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to