On Thu, Jul 13, 2017 at 12:17:42PM -0000, bogusmaster--- via FreeIPA-users 
wrote:
> Thank you for the answer.
> 
> I've verified the status of domain on both server and client.
> On a server it appears that IPA domain (ipa.sub.mydomain.com) is always 
> online. However, status of AD domain (sub.mydomain.com) seems to be 
> fluctuating between Online and Offline and sometimes sssctl returns 
> communication error:
> 
> [root@idm4 ~]# sssctl domain-status sub.mydomain.com
> Unable to get online status [3]: Communication error
> org.freedesktop.sssd.Error.UnknownDomain: Unknown domain
> Unable to get online status
> [root@idm4 ~]# sssctl domain-status sub.mydomain.com
> Online status: Online
> 
> Active servers:
> AD Global Catalog: not connected
> AD Domain Controller: dc.sub.mydomain.com
> IPA: idm4.ipa.sub.mydomain.com
> 
> Discovered AD Global Catalog servers:
> None so far.
> 
> Discovered AD Domain Controller servers:
> - dc.sub.mydomain.com
> 
> Discovered IPA servers:
> - idm4.ipa.sub.mydomain.com
> 
> On a client sssctl always shows that IPA domain is Online, but after clearing 
> the sssd cache with sss_cache -E and restarting sssd daemon getent passwd 
> command for AD users doesn't yield any results.
> I've double firewalls and turned them off both in AD controller and on Linux 
> boxes but it doesn't change a thing.

Can you send me the sssd_nss.log and sssd_your.domain.log from the
client with debug_level=10 which include the getent passwd request?

bye,
Sumit

> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org