On ma, 13 marras 2017, Zach Bayne via FreeIPA-users wrote:
I have active directory as dc1.ad.domainname and dc2.ad.domainname
I also have freeipa at ipa1.ipa.domainname and ipa2.ipa.domainname
both of them seem to work fine independently, I then created a trust and
set smb min and max to 2. from the server 2k12 side the trust validates
and from the ipa side i can kinit user@ad.domainname but thats where the
working ends. I can not login to webinterface as ad it says my session has
expired and to relogin. wbinfo status shows ad as offline
both ldap dns records for ipa and ad look correct
[root@ipa1 ~]# wbinfo -n 'AD\Domain Admins'
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name AD\Domain Admins
[root@ipa1 ~]# ipa --version
VERSION: 4.5.0, API_VERSION: 2.228
[root@ipa1 ~]# sssd --version
1.15.2
attached below is the log.wd.ad
I am happy to provide any more information and thank anyone who can help me
solve this, have been beaten up for a bit on it.
Forget about looking into Samba logs alone. They aren't relevant here.
IPA uses SSSD to look up users/groups, not winbindd. Winbindd is used by
Samba itself for topology details and not for user lookups. It is
expected to see wbinfo reporting "offline" state because it is not
relevant at all.
See
https://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust
and provide information requested there.
--
/ Alexander Bokovoy
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
