trust add completes and logs attached.
appreciate the help
https://drive.google.com/open?id=1SwiAaQkq4PttVaGNUBS_DoVP12Z53kZM

--
Golden Dog Development
z...@goldendogdev.net
636/395-0804
http://goldendogdev.net
--
All messages should be signed
27D1 C230 E66F BEF6 9697
D40E 2A04 2009 B9BD 15C5
27D1 C230 E66F BEF6 9697
D40E 2A04 2009 B9BD 15C5

On Mon, Nov 13, 2017 at 3:01 PM, Alexander Bokovoy <aboko...@redhat.com>
wrote:

> On ma, 13 marras 2017, Zach Bayne via FreeIPA-users wrote:
>
>> I have active directory as dc1.ad.domainname and dc2.ad.domainname
>> I also have freeipa at ipa1.ipa.domainname and ipa2.ipa.domainname
>> both of them seem to work fine independently, I then created a trust and
>> set smb min and max to 2. from the server 2k12 side  the trust validates
>> and from the ipa side i can kinit user@ad.domainname but thats where the
>> working ends. I can not login to webinterface as ad it says my session has
>> expired and to relogin. wbinfo status shows ad as offline
>> both ldap dns records for ipa and ad look correct
>> [root@ipa1 ~]# wbinfo -n 'AD\Domain Admins'
>> failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not lookup name AD\Domain Admins
>>
>>
>> [root@ipa1 ~]# ipa --version
>> VERSION: 4.5.0, API_VERSION: 2.228
>>
>> [root@ipa1 ~]# sssd --version
>> 1.15.2
>> attached below is the log.wd.ad
>> I am happy to provide any more information and thank anyone who can help
>> me
>> solve this, have been beaten up for a bit on it.
>>
> Forget about looking into Samba logs alone. They aren't relevant here.
> IPA uses SSSD to look up users/groups, not winbindd. Winbindd is used by
> Samba itself for topology details and not for user lookups. It is
> expected to see wbinfo reporting "offline" state because it is not
> relevant at all.
>
> See
> https://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust
> and provide information requested there.
>
> --
> / Alexander Bokovoy
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to