Hello Everyone,

I have four CentOS 7.3 boxes running IPA that are in a one-way trust
with an AD domain. Two servers are configured as trust agents and the
other two are trust controllers.

The trust agents and one trust controller are functioning properly.
That is, I can ssh to them and log in with my AD credentials, I can use
sudo, I can get Kerberos tickets, etc. They're working just like I
expected them to.

The problem is one trust controller won't let me log in with my AD
credentials. If I log in as root and run "id adacco...@domain.tld", I
get back the message "no such user". However, I can get Kerberos
tickets (i.e., kinit adacco...@domain.tld) for the AD users so I know at
least that part works.

I've run "ipa-server-install --uninstall", rebooted, and then installed
the server again a couple of times, but I've seen no change. I've
checked ports and routes and other basic networking with no glaring
issues found. 

I've seen this error in sssd_nss.log:

(Thu Nov  2 09:58:00 2017) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 22 error message: Invalid argument
(Thu Nov  2 09:58:00 2017) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider
Error: 3, 22, Invalid argument
Will try to return what we have in cache

And that's about it. AD users are simply not found and I can't figure out why.

Does anyone have any ideas on what's wrong?

Thanks in advance.

