Hello Everyone,

I have four CentOS 7.3 boxes running IPA that are in a one-way trust with an AD domain. Two servers are configured as trust agents and the other two are trust controllers.

The trust agents and one trust controller are functioning properly. That is, I can ssh to them and log in with my AD credentials, I can use sudo, I can get Kerberos tickets, etc. They're working just like I expected them to.

The problem is one trust controller won't let me log in with my AD credentials. If I log in as root and run "id adacco...@domain.tld", I get back the message "no such user". However, I can get Kerberos tickets (i.e., kinit adacco...@domain.tld) for the AD users, so I know at least that part works.

I've run "ipa-server-install --uninstall", rebooted, and then installed the server again a couple of times, but I've seen no change. I've checked ports and routes and other basic networking with no glaring issues found.

I've seen this error in sssd_nss.log:

(Thu Nov 2 09:58:00 2017) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 22 error message: Invalid argument
(Thu Nov 2 09:58:00 2017) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider
Error: 3, 22, Invalid argument
Will try to return what we have in cache

And that's about it. AD users are simply not found and I can't figure out why.

Does anyone have any ideas on what's wrong?

Thanks in advance.

--
Ranbir
_______________________________________________
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org