Hi again, I have generated debug, both in samba and in sssd and attached the log files. From what I can see from the sssd-logfile we are talkin to the AD domain but does not find any groups? The rest for the debug files are from the whole session including the trust-add. If you could have a quick look at it I would be grateful since pretty much stuck here. Terminal output: # ipa -v trust-add --type=ad ad.test.net --admin aduser ipa: INFO: trying https://ipaserver.idm.test.net/ipa/session/json ipa: INFO: [try 1]: Forwarding 'schema' to json server 'https://ipaserver.idm.test.net/ipa/session/json' ipa: INFO: trying https://ipaserver.idm.test.net/ipa/session/json Active Directory domain administrator's password: ipa: INFO: [try 1]: Forwarding 'trust_add/1' to json server 'https://ipaserver.idm.test.net/ipa/session/json' ----------------------------------------------------- Added Active Directory trust for realm "ad.test.net" ----------------------------------------------------- Realm name: ad.test.net Domain NetBIOS name: AD Domain Security Identifier: S-1-6-42-491525448-2008367481-725548543 Trust direction: Trusting forest Trust type: Active Directory domain Trust status: Established and verified # ipa trust-fetch-domains ad.test.net ---------------------------------------------------------------------------------------- List of trust domains successfully refreshed. Use trustdomain-find command to list them. ---------------------------------------------------------------------------------------- ---------------------------- Number of entries returned 0 ---------------------------- [root@ipaserver samba]# ipa trustdomain-find ad.test.net Domain name: ad.test.net Domain NetBIOS name: AD Domain Security Identifier: S-1-6-42-491525448-2008367481-725548543 Domain enabled: True Domain name: corp.ad.test.net Domain NetBIOS name: CORP Domain Security Identifier: S-1-6-42-2417082233-1637723082-1916539915 Domain enabled: True ---------------------------- Number of entries returned 2 ]# ipa -v group-add-member ad_users_external --external 'AD\Domain Users' ipa: INFO: trying https://ipaserver.idm.test.net/ipa/session/json [member user]: [member group]: ipa: INFO: [try 1]: Forwarding 'group_add_member/1' to json server 'https://ipaserver.idm.test.net/ipa/session/json' Group name: ad_users_external Description: AD users external map Failed members: member user: member group: AD\Domain Users: trusted domain object not found ------------------------- Number of members added 0 |
ipa-debug.tar.bz2
Description: BZip2 compressed data
Regards Henrik
|
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org